Zahra's profile - activity

2019-10-03 14:35:54 +0000 marked best answer How to specify that tshark shows packets' protocol at transport layer not application layer?

Hi,

I want to make a decision on packets based on their transport layer protocol (whether it is TCP or UDP). Now I do it by checking whether tcp.srcport is set or not. How can I change the protocol layer shown in _ws.col.Protocol to the transport layer instead of the application layer in the output of the following command?

tshark -r  capture.pcap  -T fields -E separator=, -e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e frame.len -e _ws.col.Protocol -E header=y -E quote=d -E occurrence=f > capture.csv

According to the tshark manpage, it seems that the -j or -J option does something similar to what I needed, but I couldn't find such an example.

2019-10-03 14:35:53 +0000 received badge  Commentator
2019-10-03 14:35:53 +0000 commented answer How to specify that tshark shows packets' protocol at transport layer not application layer?

Thanks, ip.proto works in my case.

2019-10-03 13:40:51 +0000 asked a question How to specify that tshark shows packets' protocol at transport layer not application layer?

How to specify that tshark shows packets' protocol at transport layer not application layer? Hi, I want to make decisio

2019-09-26 08:46:27 +0000 commented answer How to convert TcpDump output to Pcap

Thanks for the tip.

2019-09-25 11:46:19 +0000 commented answer How to convert TcpDump output to Pcap

Thanks for your support, I have asked my question at Stack Overflow

2019-09-24 07:04:26 +0000 commented answer How to convert TcpDump output to Pcap

I have updated my question with the code I have written, can you help me with that?

2019-09-23 20:08:11 +0000 commented answer How to convert TcpDump output to Pcap

I have updated my question with the code I have written, could you help me with that?

2019-09-23 20:06:53 +0000 received badge  Editor (source)
2019-09-23 20:06:53 +0000 edited question How to convert TcpDump output to Pcap

How to convert TcpDump output to Pcap Previously, I have converted some TcpDump output as text to Pcap file with your he

2019-09-22 06:52:56 +0000 commented answer How to convert TcpDump output to Pcap

Thanks, I'll come back to you when I have written the script.

2019-09-21 11:50:40 +0000 commented answer How to convert TcpDump output to Pcap

Unfortunately, I found out about the problem with captured file, when it was too late. Now, I want to generate a pcap fi

2019-09-21 11:41:49 +0000 commented question How to convert TcpDump output to Pcap

@Spooky They are some traffic captured in the past, and I want to have some pcap for them.

2019-09-20 19:13:08 +0000 asked a question How to convert TcpDump output to Pcap

How to convert TcpDump output to Pcap Previously, I have converted some TcpDump output as text to Pcap file with your he

2019-09-08 15:30:09 +0000 received badge  Famous Question (source)
2019-09-08 15:30:09 +0000 received badge  Notable Question (source)
2019-01-16 09:52:00 +0000 received badge  Famous Question (source)
2019-01-16 09:52:00 +0000 received badge  Notable Question (source)
2019-01-16 09:52:00 +0000 received badge  Popular Question (source)
2018-06-12 00:53:56 +0000 received badge  Popular Question (source)
2018-03-06 15:05:19 +0000 received badge  Famous Question (source)
2018-03-06 15:05:19 +0000 received badge  Notable Question (source)
2018-01-09 23:45:46 +0000 received badge  Popular Question (source)
2017-12-11 19:05:04 +0000 commented question Is it possible that wireshark doesn't recognize protocol?

@Uli. Yes TCP, SSL, and SSLv2, SSLv3. Also, it marks the packet as TCP when tcp.len>0 and is TCP segment of reassembl

2017-12-11 14:57:47 +0000 commented question Is it possible that wireshark doesn't recognize protocol?

Yes TCP, SSL, and SSLv2, SSLv3. Also, it marks the packet as TCP when tcp.len>0 and is TCP segment of reassembled PDU

2017-12-11 11:27:48 +0000 asked a question Is it possible that wireshark doesn't recognize protocol?

Is it possible that wireshark doesn't recognize protocol? I have some encrypted traffic but, for the same source and des

2017-11-23 18:48:00 +0000 marked best answer filtering out protocol, sequence number, and ack using tshark

How can I filter out the protocol, sequence number, and ack using tshark? I could filter out other options as follows:

tshark -r traffic.pcap -T fields -E separator=, -e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len -e tcp.flags -e _ws.col.Info -E header=y -E quote=d -E occurrence=f

2017-11-23 18:48:00 +0000 received badge  Scholar (source)
2017-11-23 16:51:13 +0000 asked a question filtering out protocol, sequence number, and ack using tshark

filtering out protocol, sequence number, and ack using tshark How can I filter out the protocol, sequence number, and a

2017-11-17 20:54:25 +0000 commented answer How to filter out TCP retransmissions

Could you help me with it? How should I check them myself?

2017-11-17 16:40:14 +0000 commented answer How to filter out TCP retransmissions

The captured traffic isn't in the readable format of the Wireshark. I have just the header of the captured traffic as th

2017-11-17 15:58:21 +0000 asked a question How to filter out TCP retransmissions

How to filter out TCP retransmissions I have the tcp and ip header of some captured traffic as follow: 1510103571.96303