This is our old Q&A Site. Please post any new questions and answers at

Hi everyone,

I am running tshark on a WAP to make various analyses of my clients' traffic. One of the things I do is monitor all DNS requests to find out which hosts the clients want to access. All I basically want for further processing (in Python) is the source MAC and DNS name of every query, so i came up with the following command...

tshark -n -T fields -e eth.src -e -f "port 53" -i wlan0

...and it's working, basically, but some of the tshark output lines start with some kind of sequence number, like this:

1 c4:43:8f:c5:60:5c
4 c4:43:8f:c5:60:5c

What are those and how can I get rid of them? As I said, I'm only interested in who asks for which address to resolve.

Thanks in advance for any help.

asked 30 Apr '15, 09:51

teenious's gravatar image

accept rate: 0%

tshark version and host OS?

(30 Apr '15, 10:06) grahamb ♦

It's tshark 1.10.6 on xubuntu 14.04

(30 Apr '15, 10:10) teenious

That's the packet count number. See the answer to a similar question.


permanent link

answered 30 Apr '15, 12:07

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Thank you very much, Kurt, upgrading tshark solved my problem. I'm a bit embarrassed I didn't stumble upon the other thread myself, but then again, my searches for "packet number" and "sequence number" didn't yield a lot of useful results...

(01 May '15, 10:13) teenious
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 30 Apr '15, 09:51

question was seen: 2,702 times

last updated: 01 May '15, 10:13

p​o​w​e​r​e​d by O​S​Q​A