This is our old Q&A Site. Please post any new questions and answers at


I am working on a project and I have the following commands to capture network traffic (using ICMP MAINLY).

The commands are as follows:

"C://Program Files/Wireshark/tshark" -i "Local Area Connection" -a duration:10 -w C://Temp/tsharkData

"C://Program Files/Wireshark/tshark" -r C:\Temp\tsharkData -T fields -e frame.number -e ip.src -e ip.dst -e frame.len -e frame.time -e frame.time_relative -E header=y -E separator=, > C:\\Temp\tsharkData.txt

(THIS IS TO CONVERT THE RAW DATA TO HUMAN READABLE FORMAT)

At this point, how do I get it to capture and display the MAC addresses of the traffic that is being captured?

NEED COMMAND USING tshark as this will help me create my automation system for shutting down ports in a DoS attack.



asked 27 Mar '15, 08:48

naeemtania

edited 27 Mar '15, 10:22


grahamb ♦

You'll need to add the fields for the MAC addresses.

Assuming you're using wired Ethernet, to find the field names open any capture in Wireshark, expand the protocol tree for the Ethernet II part, and select the Destination and Source fields in turn and look at the field description in the status bar at the bottom left. The field name will be in parentheses. So for Ethernet MAC addresses you need eth.dst and eth.src, and they can be added to your command line as additional -e options.


answered 27 Mar '15, 08:55


grahamb ♦


Thanks a lot, makes more sense to me; however, I can find the bit where I can add eth.dst and eth.src in a protocol tree.

Can you please tell me which option I need to go to in order to add the eth.dst and eth.src expressions for tshark?

Thanks a lot

Much appreciated

(P.S. Not familiar with Wireshark)

(27 Mar '15, 09:28) naeemtania

Just slot the extra fields into your command line. Using the line you posted in your question:

"C:\Program Files\Wireshark\tshark" -r C:\Temp\tsharkData -T fields -e frame.number -e ip.src -e ip.dst -e eth.src -e eth.dst -e frame.len -e frame.time -e frame.time_relative -E header=y -E separator=, > C:\Temp\tsharkData.txt

(27 Mar '15, 10:21) grahamb ♦
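
For the automation the question mentions, the field output with eth.src and eth.dst can be tallied per source MAC. The following is an added example, not code from the posts above. It assumes `-E quote=d` is appended to the tshark command, because frame.time contains a comma that otherwise splits into two columns; the sample rows, function names and threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `tshark -T fields ... -E header=y -E separator=, -E quote=d`
# output (assumption: quote=d added so the comma inside frame.time stays in one field).
SAMPLE = '''frame.number,ip.src,ip.dst,eth.src,eth.dst,frame.len,frame.time,frame.time_relative
"1","10.0.0.5","10.0.0.1","02:00:00:00:00:0a","02:00:00:00:00:01","74","Mar 27, 2015 08:48:01.000000000 GMT","0.000000000"
"2","10.0.0.5","10.0.0.1","02:00:00:00:00:0a","02:00:00:00:00:01","74","Mar 27, 2015 08:48:01.100000000 GMT","0.100000000"
"3","10.0.0.9","10.0.0.1","02:00:00:00:00:0b","02:00:00:00:00:01","98","Mar 27, 2015 08:48:01.200000000 GMT","0.200000000"
"4","","","02:00:00:00:00:0a","ff:ff:ff:ff:ff:ff","42","Mar 27, 2015 08:48:01.300000000 GMT","0.300000000"
"5","10.0.0.6","10.0.0.1","02:00:00:00:00:0a","02:00:00:00:00:01","74","Mar 27, 2015 08:48:01.400000000 GMT","0.400000000"
'''


def talkers_by_mac(text):
    """Return {eth.src: {"frames": n, "bytes": n, "ips": set of ip.src}}."""
    stats = defaultdict(lambda: {"frames": 0, "bytes": 0, "ips": set()})
    for row in csv.DictReader(io.StringIO(text)):
        mac = row["eth.src"].lower()
        if not mac:                      # frame without an Ethernet header
            continue
        entry = stats[mac]
        entry["frames"] += 1
        entry["bytes"] += int(row["frame.len"])
        if row["ip.src"]:                # empty for non-IP frames such as ARP
            entry["ips"].add(row["ip.src"])
    return dict(stats)


def over_threshold(stats, duration_s, max_fps):
    """Source MACs whose average frame rate over the capture exceeds max_fps."""
    return sorted(m for m, s in stats.items() if s["frames"] / duration_s > max_fps)


if __name__ == "__main__":
    stats = talkers_by_mac(SAMPLE)
    # 10 s matches the -a duration:10 capture; 0.3 frames/s is a hypothetical limit.
    for mac in over_threshold(stats, duration_s=10, max_fps=0.3):
        s = stats[mac]
        print(mac, s["frames"], "frames", s["bytes"], "bytes", sorted(s["ips"]))
```

Splitting each line on commas by hand instead of using a CSV parser yields nine columns for the eight fields, which is why the quoting option matters.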
question asked: 27 Mar '15, 08:48

question was seen: 3,315 times

last updated: 27 Mar '15, 10:22
