Wireshark-users: Re: [Wireshark-users] Need equivalent query

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Vinoth S <weknowth59@xxxxxxxxx>
Date: Fri, 26 Jan 2018 11:48:42 +0530


Hi Team,

Please find below software version details:

CentOS Linux release 7.4.1708(core)
[root@192 ~]# rpm -qi wireshark
Name        : wireshark
Version     : 1.10.14
Release     : 14.el7
Architecture: x86_64


Windows 8.1 - 64bit
Wireshark-win64-2.2.12.exe


PFA for reference from cent-os execution.

I could understand different OS and Software versions will give different output. 
In case software is my issue, then how can achieve same thing in cent-os?

My ultimate aim is to satisfy this condition : (dns.flags.response==1) and (dns.a) => dns request has got response and ipv4 address is not empty


Thanks in advance.


On Thu, Jan 25, 2018 at 7:22 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

Not unless you give us the Wireshark version installed on your CentOS platform.

On 25 Jan 2018, at 14:30, Vinoth S <weknowth59@xxxxxxxxx> wrote:

Hi Team,

I am working on few exploration using tshark. Please find below command where I am extracting few fields from .pcap file. It has been executed in windows.

tshark.exe -r sample.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a "(dns.flags.response==1) and (dns.a)" > sample.csv

I have tried in centos, it's not working. May I know what is an issue in below command.

tshark -r sample.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a '(dns.flags.response==1) and (dns.a)' > sample.csv

(dns.flags.response==1) and (dns.a) => dns request has got response and ipv4 address is not empty

If possible, please share equivalent command for centos.

Thanks,
S.Vinoth


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
weknow(th)

Virus-free. www.avg.com

Attachment: CentOS-TShark.png
Description: PNG image