NIoSaT's profile - activity

overview network karma followed questions activity

2022-07-24 10:54:09 +0000	received badge	● Notable Question (source)
2021-06-26 12:05:11 +0000	received badge	● Popular Question (source)
2020-01-05 13:12:25 +0000	marked best answer	TShark CSV export problem Hello, I am using tshark to export a pcap to a csv. The command looks like this (I have many more fields that I want to export, I removed them here to make it shorter): `tshark -r recording.pcap -T fields -e ip.proto -e ipv6.nxt -e frame.number -e frame.time_relative -e ... -E header=y -E separator=, -E quote=d > out.csv` This works for the most part and I get output lines in my CSV as I would expect them `"6",,"2552","53.591729000","Jan 25, 2011 19:53:16.076138000 CET","936","936","00:1a:8c:15:f9:80","40:61:86:9a:f1:f5","66.235.139.121","192.168.3.131",,,"80","56126","3233954145",,` But some lines in my CSV are "borken" like this `"1,1",,"5583","2.171949000","Feb 26, 2013 23:02:38.125121000 CET","70","70","00:90:7f:3e:02:d0","00:90:fb:34:44:24","68.85.69.49,172.16.133.109","172.16.133.109,64.30.236.34",,,,,,,` As you can see the protocol number (1) is there twice and the ip addresses are also "doubled"... When I look at this packet in wireshark I can see that it is an ICMP packet and from 68.85.69.49 to 172.16.133.109. It seems that tshark has somehow "merged" two packets into on row. Sometimes its even worse with 5 or more. I used this export technique before and it always worked as expected. Is there anything I could do about this? I used the smallFlows.pcap and bigFlows.pcap from here
2020-01-05 13:12:25 +0000	received badge	● Scholar (source)
2020-01-05 12:53:28 +0000	commented answer	TShark CSV export problem Oh I never noticed this before. Wireshark handles it like I would expect: Source and Destination are a single IP and al
2020-01-04 16:26:24 +0000	asked a question	TShark CSV export problem TShark CSV export problem Hello, I am using tshark to export a pcap to a csv. The command looks like this (I have many