Wireshark's TShark command-line utility will probably work better, as it allows more control over the output format of packets. You could, for example, do

```
tshark -r mypcap.pcap -T fields -E separator=, -e eth.src -e eth.dst
```

Which will, for an Ethernet capture, print, for each packet, the source and destination MAC addresses for the packets, with a comma between them.

To quote the uniq man page on my machine:

> Repeated lines in the input will not be detected if they are not adjacent, so it may be necessary to sort the files first.

So you should next pipe the output of tshark to sort. However, in that case, what sort will be sorting, and uniq will be checking for uniqueness and counting with -c, are pairs of source and destination addresses.
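The counting step described above, as an added example that is not part of the original page: it tallies each source,destination pair and shows what `uniq -c` reports when the sort is skipped. The function names and the MAC addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what the tshark command above prints for an
# Ethernet capture: one "eth.src,eth.dst" line per packet (made-up MACs).
sample_pairs() {
  cat <<'EOF'
00:11:22:33:44:55,66:77:88:99:aa:bb
de:ad:be:ef:00:01,66:77:88:99:aa:bb
00:11:22:33:44:55,66:77:88:99:aa:bb
00:11:22:33:44:55,ff:ff:ff:ff:ff:ff
de:ad:be:ef:00:01,66:77:88:99:aa:bb
00:11:22:33:44:55,66:77:88:99:aa:bb
EOF
}

# Count packets per src,dst pair. sort makes identical lines adjacent so
# uniq -c can merge them; the final sort lists the busiest pair first.
# Output format: "<count> <src>,<dst>"
count_pairs() {
  LC_ALL=C sort | uniq -c | awk '{print $1, $2}' | LC_ALL=C sort -k1,1nr -k2,2
}

# Same pipeline without the initial sort: uniq only merges adjacent
# repeats, so interleaved traffic is reported as many pairs seen once.
count_pairs_unsorted() {
  uniq -c | awk '{print $1, $2}'
}

# Packet count for one specific pair (argument: "src,dst").
pair_count() {
  count_pairs | awk -v p="$1" '$2 == p {print $1}'
}

# With a real capture, feed tshark's output in instead of the sample:
#   tshark -r mypcap.pcap -T fields -E separator=, -e eth.src -e eth.dst | count_pairs
sample_pairs | count_pairs
```

Each count is per pair, so the same source address appears on more than one output line when it talks to several destinations.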