Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 122, Issue 4
From: noah davids <ndav1 () cox net>
Date: Sun, 24 Jul 2016 06:36:20 -0700
On 07/23/2016 05:00 AM, wireshark-users-request () wireshark org wrote:
Message: 2 Date: Fri, 22 Jul 2016 09:33:54 -0400 From: tficarra <tim.ficarra () mzeal com> To: wireshark-users () wireshark org Subject: [Wireshark-users] Multiple Comma Delimited IPs in ip.src field Message-ID: <1469194434.22340.8.camel@mzeal-Lenovo-Z710> Content-Type: text/plain; charset="UTF-8" Hi, When running tshark, I occasionally see instances where fields contain comma delimited lists of values. For example, an ip.src field delimited by pipe may contain two ips: 192.168.1.1,8.8.8.8. I am not sure how to interpret this output. I am running tshark as follows: sudo tshark -i eth0 -l -E separator='|' -T fields -e frame.time_epoch -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -e tcp.srcport -e tcp.dstport -e dns.flags.response -e dns.qry.name -e dns.flags.rcode -e ip.proto -e dns.resp.addr -e frame.time_delta_displayed -e ip.len -e tcp.flags -e eth.src -e eth.dst -e frame.len -e http.request -e http.response In some instances I receive output akin to the following: 1469188329.151229000|192.168.1.113,8.8.8.6|8.8.8.6,192.168.1.113|53| 39389|||1|daisy.ubuntu.com|0|1,17|162.213.33.133,162.213.33.164| 0.000249000|122,94||00:25:90:df:ff:52|ec:bd:1d:2d:bc:77|136 Input would be greatly appreciated. Thanks, Tim Ficarra
You have captured an ICMP packet. The protocol values |1,17| show that the first protocol is ICMP (1) and the second is UDP (17). If you display icmp.type and icmp.code you can see what type of ICMP message.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Wireshark-users Digest, Vol 122, Issue 4 noah davids (Jul 24)