
Sunday, August 23, 2009

Dump all IPs from pcap with tshark

Simple command to dump all IPs from a PCAP using tshark (substitute your own capture and output file names for sample.pcap and output_file):

tshark -nr sample.pcap ip | awk '{print $3 ; print $5}' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq > output_file

By section:
- Summarize all IP traffic in the PCAP without resolving names or ports
- Print the source and destination IPs on separate lines (the ;)
- Sort the results appropriately for IP addresses (thanks to networking.ringofsaturn.com)
- Remove duplicates
- Redirect the output to a file
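
The extract, sort and de-duplicate stages of the pipeline above can be checked without a capture file. The following is an added example, not part of the original post: the summary lines are constructed to mimic tshark's one-line output, the function names sample_summary and unique_ips are hypothetical, and the grep guard is an addition that drops any field that is not a dotted-quad address.

```shell
#!/bin/sh
# Added example: exercises the awk | sort | uniq stages of the post's pipeline.

# Constructed sample of tshark one-line summary output (not from a real capture).
# Columns: frame number, time, source, arrow, destination, protocol, info.
sample_summary() {
cat <<'EOF'
  1   0.000000 192.168.1.10 -> 10.0.0.2 TCP 74 49152 > 80 [SYN]
  2   0.000412 10.0.0.2 -> 192.168.1.10 TCP 74 80 > 49152 [SYN, ACK]
  3   0.001003 192.168.1.9 -> 10.0.0.10 UDP 60 Source port: 5353
  4   0.002250 9.9.9.9 -> 192.168.1.10 DNS 90 Standard query response
EOF
}

# Read summary lines on stdin and print each distinct IPv4 address once,
# ordered numerically octet by octet.
unique_ips() {
    # Field 3 is the source and field 5 the destination; field 4 is the arrow.
    awk '{ print $3; print $5 }' |
    # Guard (assumption, not in the post): keep only dotted-quad tokens, so a
    # line with shifted columns cannot leak non-address text into the list.
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    # Same sort keys as the post: split on "." and compare each octet as a
    # number, so 10.0.0.2 sorts before 10.0.0.10 and 9.x before 10.x.
    sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 |
    uniq
}

# Stand-alone run over the constructed sample.
sample_summary | unique_ips
```

Against a real capture, the same function takes tshark's output directly: tshark -nr sample.pcap ip | unique_ips > output_file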