How to filter multiple packets with same IP ID ?

Hello,

I have to filter and find if in the Trace we get 2 packets with same IP ID. (Ofcourse i dont know the IP ID in advance else its a simple filter).

So, an example: I have a 10,000 packets trace, i should show packets only which have same IP ID repeated.

How can i do it ?

Regards, TA.

filter

asked 15 Oct '11, 04:44

Ankur
1●1●1●1
accept rate: 0%

2 Answers:

oldest newest most voted

What about starting with TShark, part of the Wireshark distribution, to create a list of ip.id's:
$ tshark -r DB01-22022011-1128.pcap -T fields -e ip.id | sort | uniq -c | sort -r > ip.id.csv

Hope this helps.

link

answered 15 Oct '11, 11:21

joke
1.2k●3●7●29
accept rate: 10%

edited 16 Oct '11, 12:55

Ankur,

You may find this useful.

I had a same query and mate can address this pretty well.

http://ask.wireshark.org/questions/5083/how-to-check-number-of-packets-with-duplicate-ip-identification-field

Hope this helps.

Regards,

-Deepak

link

answered 15 Oct '11, 09:28

Deepak
31●1●1●3
accept rate: 25%

edited 15 Oct '11, 11:22

joke
1.2k●3●7●29

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

filter ×128

Asked: 15 Oct '11, 04:44

Seen: 1,573 times

Last updated: 16 Oct '11, 12:55

How to filter multiple packets with same IP ID ?

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions