This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Finding conversations for multiple ips (hundreds)

0

Is there a way in tshark to look conversations from a large list of ips? I have a list of ips in a text file. There are usually 100+ ips in the file. I can do some command line scripting to make this work, but I was wondering if I could use a file as input to the filter.

So ideally it would look something like this: tshark -qnr mydump.pcap -z conv,ip,ip.addr==<myipfile.txt>

And get all conversations involving the ips in my file.

asked 24 Aug '11, 06:25

DeBuG's gravatar image

DeBuG
1111
accept rate: 0%


One Answer:

0

Re: ... but I was wondering if I could use a file as input to the filter.

The short answer: not without some command line scripting. :)

Would it work (and be simpler) to just generate the conversation list without a filter and then use grep -Ff myipfile.txt ... (or something similar) to get the list of conversations for just the desired IPs ?

answered 25 Aug '11, 09:20

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 25 Aug '11, 09:21