Wireshark mailing list archives

Re: Tshark usage in replaying icmpv6 messages

From: naresh gudipudi <naresh.iiita () gmail com>
Date: Fri, 3 Aug 2012 15:39:36 -0400

Yes, it is reading, not replaying.My mistake. I am specifying the fields
with -e option. for example, the Target Address field(in icmpv6 header) in
icmpv6 neighbor solicitaion message(icmpv6 type = 135) sent to
solicited-node multicast address, i am specifying the filter
as icmpv6.nd.ns.target_address. When this filter is used in wireshark GUI,
it works. But in tshark, what all i can see is a nothing.



On Fri, Aug 3, 2012 at 3:30 PM, Guy Harris <guy () alum mit edu> wrote:


On Aug 3, 2012, at 11:32 AM, naresh gudipudi wrote:

I am using Tshark(version 1.2.11).


That's a very old version; we are no longer making bug-fix updates for
Wireshark 1.2.x, so there may be limits on how much help we can provide.

I am replaying the pcap files


What do you mean by "replaying"?  When people talk about "replaying" a
capture file, they're usually talking about using a program such as
tcpreplay:

        http://tcpreplay.synfin.net/

which reads the packets from the file and transmits them, perhaps with
some changes, on a network.  However:

and writing some fields of various headers to a text file.


...writing fields to a text file isn't part of "replaying" in the sense
above.

It sounds as if what you might be doing is *reading* the file, and writing
out selected fields with the "-T fields" flag, and specifying the flags
with "-e".  Is that what you're talking about?

I am able to write the fields of all headers except icmpv6. Nothing is

being written if i specify icmpv6 fields.

"Specify" with "-e"?  Which particular fields are you specifying?  Are
those fields actually in the packets in question (for example, open up the
capture file with Wireshark and look at the ICMPv6 packets, to see whether
the fields are present)?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Tshark usage in replaying icmpv6 messages naresh gudipudi (Aug 03)
- Re: Tshark usage in replaying icmpv6 messages Guy Harris (Aug 03)
  - Re: Tshark usage in replaying icmpv6 messages naresh gudipudi (Aug 03)
    - Re: Tshark usage in replaying icmpv6 messages Guy Harris (Aug 03)