I've been trying to get both IP address and hostname with tshark. From Wireshark it is easy, but from tshark I couldn't figure out how to do it. The "-z ip_hosts,tree" parameter just gives the IP addresses even when I specify the "-N n" parameter. How can I get these IP addresses and hostnames together? By the way, -z hosts does not give all IPs and hostnames, and sometimes does not give anything at all.

asked 30 Jul '15, 07:08 xmikro
One Answer:
Try the -T and -e options. For example: -T fields -e ip.addr

answered 30 Jul '15, 09:25 Amato_C
Thanks!
tshark -T fields -e ip.dst_host -e ip.dst
is just what I wanted. But do you have any idea why the -z hosts parameter does not work?
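
An added example, not part of the original thread: it extends the `-T fields` command above to both source and destination and collapses the per-packet output into one line per address with its resolved name. The function names are hypothetical; `ip.src`, `ip.src_host` and `-E occurrence=f` go beyond the fields quoted in the thread, and the sample input is constructed.

```shell
#!/bin/sh
# Reads tab-separated "ip.src  ip.src_host  ip.dst  ip.dst_host" lines on stdin
# and prints each distinct address once, with the name resolved for it.
# Assumption: when tshark has no name for an address, the *_host field carries
# the address itself; such addresses are reported with "-" unless a real name
# shows up on another packet.
ip_host_table() {
    awk -F '\t' '
        function note(ip, host) {
            if (ip == "") return                 # non-IP packet: empty fields
            if (!(ip in name)) name[ip] = "-"
            if (host != "" && host != ip) name[ip] = host
        }
        { note($1, $2); note($3, $4) }
        END { for (ip in name) printf "%s\t%s\n", ip, name[ip] }
    ' | sort
}

# Runs tshark over a capture file and feeds the table builder.
# -N n turns on network name resolution; occurrence=f keeps only the first
# IP header per packet so tunnelled traffic does not yield comma-joined values.
capture_ip_hosts() {
    tshark -r "$1" -N n -T fields -E separator=/t -E occurrence=f \
        -e ip.src -e ip.src_host -e ip.dst -e ip.dst_host | ip_host_table
}

# Constructed sample of the field output (documentation addresses, not a real capture).
sample_fields() {
    printf '192.0.2.10\t192.0.2.10\t198.51.100.5\twww.example.net\n'
    printf '198.51.100.5\twww.example.net\t192.0.2.10\tclient.example.org\n'
    printf '\t\t\t\n'
    printf '192.0.2.10\t192.0.2.10\t203.0.113.7\t203.0.113.7\n'
}

# With a capture path as argument, process it; otherwise show the sample table.
if [ "$#" -ge 1 ]; then
    capture_ip_hosts "$1"
else
    sample_fields | ip_host_table
fi
```

Addresses left with "-" are the ones worth checking against other sources, since no name was available for them anywhere in the capture.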