Revision history [back]

Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

I want to use a Tshark command to pick out the original icmp source and destination ip and dump it into a text file:

Example (shortened): No. Time Source Destination Protocol SrcPrt DstPrt Length Info 1 2019-02-26 15:33:43.297203 10.74.192.78 192.168.128.112 ICMP 34945 443 590 Destination unreachable (Fragmentation needed)

Internet Protocol Version 4, Src: 10.74.192.78, Dst: 192.168.128.112 Internet Control Message Protocol Type: 3 (Destination unreachable) Code: 4 (Fragmentation needed) Checksum: 0x8a3c [correct] [Checksum Status: Good] Unused: 0000 MTU of next hop: 1280 Internet Protocol Version 4, Src: 192.168.128.112, Dst: 36.92.190.198 <== I want these IP addresses dumped to a text file.

What Tshark command can I use to read in multiple files and only output the text source and IPs mentioned above?

Cheers,

Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

I want to use a Tshark command to pick out the original icmp source and destination ip and dump it into a text file:

Example ~~(shortened):~~ (shortened):

No.     Time                          Source                Destination           Protocol SrcPrt DstPrt Length Info
      1 2019-02-26 15:33:43.297203    10.74.192.78          192.168.128.112       ICMP     34945  443    590    Destination unreachable (Fragmentation needed)
 needed)

Internet Protocol Version 4, Src: 10.74.192.78, Dst: 192.168.128.112
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 4 (Fragmentation needed)
    Checksum: 0x8a3c [correct]
    [Checksum Status: Good]
    Unused: 0000
    MTU of next hop: 1280
    Internet Protocol Version 4, Src: 192.168.128.112, Dst: 36.92.190.198 <== I want these IP addresses dumped to a text file.file.

What Tshark command can I use to read in multiple files and only output the text source and IPs mentioned above?

Cheers,