I am analyzing a pcap file and extracting data using tshark, but whenever I encounter an ICMP frame, the corresponding data being extracted by tshark is duplicated. For the following frame in Wireshark, "ICMP","68.232.181.238","152.81.230.67" I get the above output from tshark. I just need one value each for source and destination IP addresses. I would greatly appreciate it if someone can let me know if there is a different way to extract src and dst IP addresses from pcap. Currently I am using -e ip.src and -e ip.dst to get the IP addresses.

asked 23 Mar '15, 03:21 nnmanobala, edited 23 Mar '15, 03:22
One Answer:
You can use From
answered 23 Mar '15, 06:26 SYN-bit ♦♦
Your solution works perfectly for my requirement. Thank you very much.
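
Added example, not part of the original thread: an ICMP error message (for example destination unreachable) quotes the IP header of the packet that triggered it, so a dissector finds two IPv4 headers in one frame and a field such as ip.src has two occurrences. The sketch below builds such a frame with the two addresses from the question as the outer header; the inner header, the ports and the function names are constructed for illustration.

```python
import socket
import struct

# ICMP types whose payload quotes the offending packet's IP header:
# 3 dest unreachable, 4 source quench, 5 redirect, 11 time exceeded, 12 parameter problem
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ip_addresses(packet):
    """Return every (src, dst) pair found in the frame: the outer IPv4 header
    first, then any header quoted inside an ICMP error message."""
    pairs = []
    offset = 0
    while len(packet) - offset >= 20 and packet[offset] >> 4 == 4:
        ihl = (packet[offset] & 0x0F) * 4
        if ihl < 20 or len(packet) - offset < ihl:
            break  # malformed or truncated header
        proto = packet[offset + 9]
        src = socket.inet_ntoa(packet[offset + 12:offset + 16])
        dst = socket.inet_ntoa(packet[offset + 16:offset + 20])
        pairs.append((src, dst))
        offset += ihl
        # Only ICMP (protocol 1) error types carry a quoted IP header.
        if proto != 1 or len(packet) - offset < 8:
            break
        if packet[offset] not in ICMP_ERROR_TYPES:
            break
        offset += 8  # skip the 8-byte ICMP header to reach the quoted packet
    return pairs

def first_occurrence(packet):
    """The single src/dst pair the asker wants: the outer header only."""
    pairs = ip_addresses(packet)
    return pairs[0] if pairs else None

# Constructed sample: port unreachable sent by 68.232.181.238 to 152.81.230.67,
# quoting a UDP datagram that went the other way.
_inner = ipv4_header("152.81.230.67", "68.232.181.238", 17, 8) \
    + struct.pack("!HHHH", 40000, 33434, 8, 0)
_icmp = struct.pack("!BBHI", 3, 3, 0, 0) + _inner
SAMPLE_ERROR = ipv4_header("68.232.181.238", "152.81.230.67", 1, len(_icmp)) + _icmp

if __name__ == "__main__":
    print(ip_addresses(SAMPLE_ERROR))
    print(first_occurrence(SAMPLE_ERROR))
```

An ICMP echo request or reply quotes no header, so the same function returns a single pair for it.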