This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

If I use wireshark to open a dumpfile I get something like this:

No.     Time        Source                Destination           Protocol Info

1 0.000000    10.192.128.15         10.192.3.78           UDP      Source port: 5482  Destination port: 35218

I need to use tshark (CLI) to read multiple dumpfiles and get the source and destination IPs.

Is this possible?

Cheers.

asked 22 Sep '11, 05:07

Ravendark's gravatar image

Ravendark
1111
accept rate: 0%

edited 24 Sep '11, 15:32

helloworld's gravatar image

helloworld
3.1k42041

1

Have you checked the tshark manual page?

(22 Sep '11, 06:15) Jaap ♦

yes I have but I don't understand much

(22 Sep '11, 11:09) Ravendark

Then you'll have to define more specifically what you want.

(22 Sep '11, 11:23) Jaap ♦

How about tshark -T fields -e ip.src -e ip.dst ... for each file ?

permanent link

answered 28 Sep '11, 07:38

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832

question asked: 22 Sep '11, 05:07

question was seen: 3,225 times

last updated: 28 Sep '11, 07:38

p​o​w​e​r​e​d by O​S​Q​A