Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am able to read/replay all the headers and fields with tshark until hitting IPv6 header (ethernet header & IPv6 header), but when I am trying to replay the pcap files to read icmpv6 fields, nothing is being displayed of those fields.
Is this a bug of tshark? Is there any alternative tool to read all the fields in all headers of a packet?
The version of tshark I am using is 1.2.11
Bro is a network traffic analysis tool with full IPv6 support, whereas tshark seems to struggle with IPv6. In Bro, you can get connection summaries by running it on a trace as follows:
and inspect the resulting file
conn.login the same directory. You may find the accompanying toolbro-cuthelpful to extract only a subset of the columns, e.g.,would extract the connection 5-tuple and print it to STDOUT, so that you can continue processing it with your favorite text munching tool.