This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to filter multiple packets with same IP ID ?

0

Hello,

I have to filter and find if in the Trace we get 2 packets with same IP ID. (Ofcourse i dont know the IP ID in advance else its a simple filter).

So, an example: I have a 10,000 packets trace, i should show packets only which have same IP ID repeated.

How can i do it ?

Regards, TA.

asked 15 Oct '11, 04:44

Ankur's gravatar image

Ankur
1111
accept rate: 0%


2 Answers:

1

What about starting with TShark, part of the Wireshark distribution, to create a list of ip.id's:
$ tshark -r DB01-22022011-1128.pcap -T fields -e ip.id | sort | uniq -c | sort -r > ip.id.csv

Output:
    824 
    107 0x0000
     11 0x18e9
     10 0x1a6d
     10 0x1a69
     10 0x1a63
     10 0x1a61
     10 0x1a35
     10 0x18d4
      9 0x1ac2
    etc.

Hope this helps.

answered 15 Oct '11, 11:21

joke's gravatar image

joke
1.3k4934
accept rate: 9%

edited 16 Oct '11, 12:55

0

Ankur,

You may find this useful.

I had a same query and mate can address this pretty well.

http://ask.wireshark.org/questions/5083/how-to-check-number-of-packets-with-duplicate-ip-identification-field

Hope this helps.

Regards,

-Deepak

answered 15 Oct '11, 09:28

Deepak's gravatar image

Deepak
31225
accept rate: 25%

edited 15 Oct '11, 11:22

joke's gravatar image

joke
1.3k4934