This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Use tshark to analyze source and destination IPs from dumpfile?

0

Hi,

If I use wireshark to open a dumpfile I get something like this:

No.     Time        Source                Destination           Protocol Info

1 0.000000    10.192.128.15         10.192.3.78           UDP      Source port: 5482  Destination port: 35218

I need to use tshark (CLI) to read multiple dumpfiles and get the source and destination IPs.

Is this possible?

Cheers.

asked 22 Sep ‘11, 05:07

Ravendark's gravatar image

Ravendark
1111
accept rate: 0%

edited 24 Sep ‘11, 15:32

helloworld's gravatar image

helloworld
3.1k42041

1

Have you checked the tshark manual page?

(22 Sep ‘11, 06:15) Jaap ♦

yes I have but I don’t understand much

(22 Sep ‘11, 11:09) Ravendark

Then you’ll have to define more specifically what you want.

(22 Sep ‘11, 11:23) Jaap ♦

One Answer:

1

How about tshark -T fields -e ip.src -e ip.dst ... for each file ?

answered 28 Sep '11, 07:38

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%