wbenton's profile - activity

2019-12-14 14:40:32 +0000 commented answer Follow HTTP stream vs Follow TCP stream bug?

Makes sense. Thanks for the explanation.

2019-12-14 13:39:23 +0000 received badge Commentator
2019-12-14 13:39:23 +0000 commented question Follow HTTP stream vs Follow TCP stream bug?

Further analysis of that file I previously mentioned, the problem ONLY seems to occur in streams 40, 41, 43, 45, 46 and

2019-12-14 13:05:13 +0000 commented question Follow HTTP stream vs Follow TCP stream bug?

The file came from an old Malware-Traffic-Analysis.net file. Zipped Sniffer File The zipped file is encrypted. The passw

2019-12-14 12:52:15 +0000 commented question Follow HTTP stream vs Follow TCP stream bug?

The file came from an old Malware-Traffic-Analysis.net file. link text The zipped file is encrypted. The password is [in

2019-12-13 04:33:45 +0000 answered a question handling 150mb pcaps

I used to work with massive 800MB captures... hundreds of them. You start using tshark for management like the followin

2019-12-13 00:31:07 +0000 asked a question Follow HTTP stream vs Follow TCP stream bug?

Follow HTTP stream vs Follow TCP stream bug? When I view HTTP streams vs TCP streams, the displayed content varies depen

2019-10-02 01:58:25 +0000 commented question No interface found (Windows 10 Build 1903)

Does this happen with both Admin and non-Admin users?

2019-08-14 00:56:14 +0000 answered a question What does tell between 2 ip adresses mean

This is an old question, but I think you mean "How do you tell the difference between 2 IP addresses"? Is that correct?

2019-08-14 00:34:56 +0000 answered a question Client /server outage

Is there a load balancer in front of your server? It sounds like one load balancer/or server might fail and clients att

2019-08-14 00:28:14 +0000 answered a question Wireshark not showing LAN

What are the 4 displayed options you do see? What Operating System are you using? Windows or Linux? Did you install PCAP

2019-03-03 11:49:56 +0000 marked best answer Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

I want to use a Tshark command to pick out the original icmp source and destination ip and dump it into a text file:

Example (shortened):

No.     Time                          Source                Destination           Protocol SrcPrt DstPrt Length Info
      1 2019-02-26 15:33:43.297203    10.74.192.78          192.168.128.112       ICMP     34945  443    590    Destination unreachable (Fragmentation needed)

Internet Protocol Version 4, Src: 10.74.192.78, Dst: 192.168.128.112
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 4 (Fragmentation needed)
    Checksum: 0x8a3c [correct]
    [Checksum Status: Good]
    Unused: 0000
    MTU of next hop: 1280
    Internet Protocol Version 4, Src: 192.168.128.112, Dst: 36.92.190.198 <== I want these IP addresses dumped to a text file.

What Tshark command can I use to read in multiple files and only output the text source and IPs mentioned above?

Cheers,

2019-03-03 08:52:35 +0000 received badge Rapid Responder
2019-03-03 08:52:35 +0000 answered a question Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

Yes, I was looking for ip.src and ip.dst and your final answer [tshark -r icmp.code4.pcapng -T fields -E occurrence=l -e

2019-03-02 04:42:54 +0000 commented question Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

It's the second instance of tcp.src & tcp.dst that I'm interested in... not the first instance. The one in the ICMP

2019-03-02 04:17:05 +0000 asked a question Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet. I want to use a Tsha

2018-07-24 08:36:06 +0000 commented answer tshark packet counter maximum value

That sounds about right. I just dug up a screen capture of the counter from a few months ago and it showed 1,953,747,894

2018-07-24 00:38:01 +0000 commented answer tshark packet counter maximum value

I'm currently looking at the tshark packet counter and it shows 747,345,008 packets with 297,457 packets dropped! What

2018-07-23 07:44:59 +0000 answered a question wifi disconnects as wireshark starts

From the DOS prompt, go to the Wireshark directory {usually under C:\Program Files\Wireshark> unless you installed it

2018-07-23 07:10:06 +0000 asked a question tshark packet counter maximum value

tshark packet counter maximum value When using tshark to dump to large files (i.e. 1GBytes/file) and you want to capture