This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I display all IPs that are not mine with tshark

0

How can I display all IPs that are not mine with `tshark.

I need to combine those 2 commands

1.Source IPs that are not mine:

  `tshark -T fields -e ip.dst -Y "ip.dst != 192.168.1.55"`

2.Destination IPs that are not mine:

`tshark -T fields -e ip.dst -Y "ip.dst != 192.168.1.55"`

where 192.168.1.55 is my IP.

asked 09 Oct '16, 11:09

user31415's gravatar image

user31415
26569
accept rate: 0%


2 Answers:

1

tshark -Y usb -z endpoints,ip may be what you are looking for. By -Y usb you prevent any individual frames from being printed, and -z endpoints,ip will cause tshark to print the statistics of IPs encountered in the capture - yours will be there too, but just once, like all the others.

answered 09 Oct '16, 11:34

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

1

Try:

tshark -T fields -e ip.src -e ip.dst -Y "ip.src != 192.168.1.55 and ip.dst != 192.168.1.55"

answered 09 Oct '16, 11:44

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%