I have recently upgraded from 1.10.3 to 1.12.4 and found that running the command tshark -q -r input.cap -z ip_hosts,tree does NOT include any IPv6 addresses even though they exist in the capture file. Is there an equivalent command for IPv6 or is this a bug? asked 15 Jul '15, 17:05  matt |
One Answer:
ip_hosts is an filter for the "ip" tap (internal thing), which is fed by packet-ip IP(v4) protocol dissector. The packet-ipv6 IPv6 dissector feeds the ipv6 tap (again the internal mechanism for statistics etc.) which does not have a corresponding statistics output filter AFAIK. In short 'ip' is usually an abbreviation of ipv4 and (unfortunately maybe) not the aggregate of both protocols (although by itself is not strange, because of the sometimes significant differences between them) answered 16 Jul '15, 05:40  Jaap ♦ |
