Ask Your Question

Revision history [back]

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = AS_PATH: 1 2
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = AS_PATH: 1 3
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = AS_PATH: 2 4
...

when I use a command like "tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ...", I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = - AS_PATH: 1 2
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = - AS_PATH: 1 3
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = AS_PATH: 2 4
...

when I use a command like "tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ...", I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

click to hide/show revision 3
None

updated 2019-02-13 13:52:13 +0000

grahamb gravatar image

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
 265
Border Gateway Protocol - UPDATE Message

    ...

    Path attributes

        ...
 Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2

        ...
 2
        ...
Border Gateway Protocol - UPDATE Message

    ...

    Path attributes

        ...
 Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3

        ...
 3
        ...
Border Gateway Protocol - UPDATE Message

    ...

    Path attributes

        ...
 Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4

        ...
 
4
        ...

when I use a command like "tshark tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ...", ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?