Revision history [back]

Revision 10

updated 2019-02-15 00:25:07 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

when I use a command like tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

Revision 9

godbless2you

updated 2019-02-15 00:22:34 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 8

godbless2you

updated 2019-02-15 00:21:23 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 7

godbless2you

updated 2019-02-14 11:46:42 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 6

godbless2you

updated 2019-02-14 07:56:16 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 5

godbless2you

updated 2019-02-14 07:46:07 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 4

godbless2you

updated 2019-02-14 01:12:49 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 3

23.8k

grahamb

updated 2019-02-13 13:52:13 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 2
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute - AS_PATH: 1 3
        ...
Border Gateway Protocol - UPDATE Message
    ...
    Path attributes
        ...
        Path Attribute = AS_PATH: 2 4
        ...

Revision 2

godbless2you

updated 2019-02-13 13:00:09 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15 192.168.0.15 Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265 265 Border Gateway Protocol - UPDATE Message ... Path attributes ... Message ... Path attributes ... Path Attribute - AS_PATH: 1 2 ... 2 ... Border Gateway Protocol - UPDATE Message ... Path attributes ... Message ... Path attributes ... Path Attribute - AS_PATH: 1 3 ... 3 ... Border Gateway Protocol - UPDATE Message ... Path attributes ... Message ... Path attributes ... Path Attribute = AS_PATH: 2 4 ...
4
...

when I use a command like ~~tshark~~ "tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ..., ...", I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?

Revision 1

godbless2you

asked 2019-02-13 12:59:08 +0000

how to use tshark to divide a packet into several records?

I have encountered a problem where I used tshark to extract a packet like that:

Internet Protocol Version 4, Src: 192.168.0.33, Dst: 192.168.0.15
Transmission Control Protocol, Src Port: 179, Dst Port: 2124, Seq: 49, Ack: 265
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute - = AS_PATH: 1 2
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute - = AS_PATH: 1 3
...
Border Gateway Protocol - UPDATE Message
...
Path attributes
...
Path Attribute = AS_PATH: 2 4
...

when I use a command like "tshark -r a.cap -e bgp.update.path_attribute.as_path_segment.as4 ...", I get a result like "1 2 1 3 2 4", which is not what I want. I am confused how to use tshark so that I can get results like "1 2","1 3","2 4" as three records?