 | 1 | initial version |
Statistics -> IPv4 Statistics -> Source and Destination Addresses
Statistics -> IPv6 Statistics -> Source and Destination Addresses
The menu items above look like a gui front end to the tshark options:
-z ip_srcdst,tree[,filter]
Calculate statistics on IPv4 addresses, with source and destination addresses separated into separate categories.-z ip6_srcdst,tree[,filter]
Calculate statistics on IPv6 addresses, with source and destination addresses separated into separate categories.
(The output is suspect. A test capture with IPv4 and IPv6 packets, IPv6 addresses appear in the IPv4 statistics.)
This can be done with tshark pulling the ip.src and ip.dst fields and crunching the output.
Be aware that some packets (e.g. ICMP and ICMPv6) include an extra IP header so there are multiple ip.src and ip.dst in the packets.
$ tshark -r ./*10130* -T fields -e ip.src | sort | uniq | sort -n | wc
176 175 2840
$ tshark -r ./*10130* -T fields -e ipv6.src | sort | uniq | sort -n | wc
178 177 5412
Lower counts when only counting the first occurrence of the field in each frame.
$ tshark -r ./*10130* -T fields -E occurrence=f -e ip.src | sort | uniq | sort -n | wc
169 168 2474
$ tshark -r ./*10130* -T fields -E occurrence=f -e ipv6.src | sort | uniq | sort -n | wc
176 175 4502
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.