Re: Need equivalent query

[Vinoth S <weknowth59 () gmail com>]

Hi Team,

Please find below software version details:

CentOS Linux release 7.4.1708(core)
[root@192 ~]# rpm -qi wireshark
Name        : wireshark
Version     : 1.10.14
Release     : 14.el7
Architecture: x86_64


Windows 8.1 - 64bit
Wireshark-win64-2.2.12.exe


PFA for reference from cent-os execution.

I could understand different OS and Software versions will give different
output.
In case software is my issue, then how can achieve same thing in cent-os?

My ultimate aim is to satisfy this condition : *(dns.flags.response==1) and
(dns.a)* => dns request has got response and ipv4 address is not empty


Thanks in advance.


On Thu, Jan 25, 2018 at 7:22 PM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

> Hi,
>
> Not unless you give us the Wireshark version installed on your CentOS
> platform.
>
> On 25 Jan 2018, at 14:30, Vinoth S <weknowth59 () gmail com> wrote:
>
> Hi Team,
>
> I am working on few exploration using tshark. Please find below command
> where I am extracting few fields from .pcap file. It has been executed in
> windows.
>
> tshark.exe -r sample.pcap -E separator=, -E header=y -E occurrence=f -T
> fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst
> -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e
> dns.a "(dns.flags.response==1) and (dns.a)" > sample.csv
>
> I have tried in centos, it's not working. May I know what is an issue in
> below command.
>
> tshark -r sample.pcap -E separator=, -E header=y -E occurrence=f -T fields
> -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e
> dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e
> dns.a '(dns.flags.response==1) and (dns.a)' > sample.csv
>
> *(dns.flags.response==1) and (dns.a)* => dns request has got response and
> ipv4 address is not empty
>
> If possible, please share equivalent command for centos.
>
> Thanks,
> S.Vinoth
>
>
>
> ____________________________________________________________
> _______________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=
> unsubscribe



-- 
weknow(th)

<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.
www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe