Tshark command to output the original source and destination IPs of an icmp.type==3 code==4 packet.

I want to use a Tshark command to pick out the original ICMP source and destination IP and dump it into a text file:

Example (shortened):

No.     Time                          Source                Destination           Protocol SrcPrt DstPrt Length Info
      1 2019-02-26 15:33:43.297203    10.74.192.78          192.168.128.112       ICMP     34945  443    590    Destination unreachable (Fragmentation needed)

Internet Protocol Version 4, Src: 10.74.192.78, Dst: 192.168.128.112
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 4 (Fragmentation needed)
    Checksum: 0x8a3c [correct]
    [Checksum Status: Good]
    Unused: 0000
    MTU of next hop: 1280
    Internet Protocol Version 4, Src: 192.168.128.112, Dst: 36.92.190.198 <== I want these IP addresses dumped to a text file.

What Tshark command can I use to read in multiple files and only output the text source and IPs mentioned above?

Cheers,
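
The packet layout shown in the question, as an added example that is not part of the original post: an ICMP type 3 code 4 message carries the IPv4 header of the datagram that triggered it, directly after the 8-byte ICMP header. The Python sketch below pulls the original source and destination out of that embedded header. The function names and the sample bytes are constructed for illustration (addresses, ports and MTU copied from the dump above), and the input is assumed to be a raw IPv4 packet with the link-layer header already stripped.

```python
import socket
import struct

def build_ipv4_header(src, dst, proto, payload_len):
    """Constructed helper: minimal 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def original_addrs(ip_packet):
    """Return (orig_src, orig_dst, next_hop_mtu) for an ICMP type 3 code 4
    message, or None if the packet is something else or is truncated."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4          # outer header length in bytes
    if ihl < 20 or ip_packet[9] != 1:        # protocol 1 = ICMP
        return None
    icmp = ip_packet[ihl:]
    if len(icmp) < 8 + 20:                   # ICMP header + embedded IPv4 header
        return None
    icmp_type, icmp_code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, icmp_code) != (3, 4):     # Fragmentation needed only
        return None
    inner = icmp[8:]                         # header of the original datagram
    if inner[0] >> 4 != 4:
        return None
    return (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), mtu)

# Constructed sample mirroring the dump in the question (not captured traffic).
_tcp = struct.pack("!HHI", 34945, 443, 0)    # first 8 bytes of the original TCP header
_inner = build_ipv4_header("192.168.128.112", "36.92.190.198", 6, len(_tcp)) + _tcp
_icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1280) + _inner
SAMPLE = build_ipv4_header("10.74.192.78", "192.168.128.112", 1, len(_icmp)) + _icmp

if __name__ == "__main__":
    src, dst, mtu = original_addrs(SAMPLE)
    print(f"{src}\t{dst}\t{mtu}")
```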
