my command is
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
the column protocol is 0x8892
 | 1 | initial version |
my command is
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
the column protocol is 0x8892
my command is
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
if i use test the column protocol is 0x8892
if i use root then the result is PNIO_PS
my command is is:
if i use test the column protocol is 0x8892
if i use root then the result is PNIO_PS
in linux environment my command is:
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
if i use test
user/test
the column protocol is 0x8892
if i use root user/root then the result is PNIO_PS
in linux environment
my command is: environment
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
if user/test the column protocol is 0x8892
if i user/root then the result is PNIO_PS
[test@pekphispre03021 test]$ tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP 00:f1:ca:00:c1:33,All-Stations-Address,0x0941 Raisecom_91:03:fd,Broadcast,ARP Raisecom_d8:32:c2,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP B&RIndus_16:4f:22,PN-MC_00:00:00,0x8892 Siemens_77:a5:97,B&RIndus_16:4f:22,0x8892 00:f1:ca:00:c1:33,All-Stations-Address,0x092c B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892
[root@pekphispre03021 test]# tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f Running as user "root" and group "root". This could be dangerous. RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP 00:f1:ca:00:c1:33,All-Stations-Address,0x0941 Raisecom_91:03:fd,Broadcast,ARP Raisecom_d8:32:c2,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP B&RIndus_16:4f:22,PN-MC_00:00:00,PN-DCP Siemens_77:a5:97,B&RIndus_16:4f:22,PN-DCP 00:f1:ca:00:c1:33,All-Stations-Address,0x092c B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP B&RIndus_16:4f:22,Broadcast,ARP 10.168.185.12,10.168.185.40,PNIO-CM Siemens_77:a5:97,B&RIndus_16:4f:22,ARP Siemens_77:a5:97,B&RIndus_16:4f:22,PNIO_PS 10.168.185.40,10.168.185.12,PNIO-CM 10.168.185.12,10.168.185.40,PNIO-CM
in linux environment
if user/test
user/test the column protocol is 0x8892
if i user/root then the result is PNIO_PS
if i user/root then the result is PNIO_PS
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.