Command line packet dissection
asked 2 hours ago

Answer: What "does not work" about it? Does it not write any packets to the file? If so, are you certain that there were ICMP packets to write? I ran tcpdump on my machine for longer than 10 seconds, with a filter of "icmp", and saw no ICMP traffic. ICMP packets either indicate problems (which are, hopefully, rare on your network) or the result of information queries and pings (which may also be rare), so you simply might not have a lot of ICMP traffic. Try doing a "ping" command in another command window while you're running TShark; if that captures packets, perhaps the problem is just that no ICMP traffic was sent or received during the 10 seconds that TShark was capturing. Perhaps what you need to change is the duration, for example, -a duration:120 to capture for 2 minutes, in order to see ICMP packets. The first command you typed, with -a duration:10, is the correct command for a duration of 10 seconds.

Follow-up: Well, if this were a BSD-flavored UN*X, such as *BSD or OS X, you could type control-T and it'd report how many packets it'd captured. However, this is Windows, so that doesn't work. However, if you don't run TShark with the -q flag, it should print out a running count of captured packets; you should have seen that count with C:\Program Files\Wireshark>tshark.exe -f "icmp". That command doesn't have a time limit, so if it runs for a longer period of time, perhaps that's long enough that some ICMP packets were sent or received.

Comment from the asker: For the above command, is there any way to know that Wireshark has captured a particular count of ICMP traffic with a given list of IPs? Let's say 10 counts of ICMP traffic for 10 different IPs. Or, what do I need to change the command to, to save the ICMP traffic to a file with a given duration?

Reply: TShark will report captured packet counts, but it won't report a count of addresses, just the total number of packets.

Related question: One of the tasks I use Wireshark for is to convert pcap capture files to csv format for statistical and anomaly analysis by other programs. These files tend to be very large and manually specifying the profile to use, opening the pcap, waiting for it to load, then specifying the output.

Wireshark is the world's most widely used network protocol analyzer. It lets you dive into captured traffic and analyze what is going on within a network.
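The asker's two follow-up requests (save only ICMP to a file for a fixed duration, then know whether a given list of addresses each reached some packet count) can be combined with a short POSIX shell script. The script below is an added example, not code from the thread or from the Wireshark project. The TShark options it uses are real (-i, -f, -a duration:N, -w, -r, -Y, -T fields, -e ip.src); the interface number, file names, address list and the sample data at the bottom are assumptions constructed for illustration, so the counting logic runs even on a machine without tshark.

```shell
#!/bin/sh
# Added example: capture ICMP for a fixed duration with TShark, then count
# ICMP packets per source address from the saved file and check a list of
# addresses against a target count. tshark must be on PATH for the two
# capture functions; everything below sample_sources is constructed data.

# Capture only ICMP on interface $1 for $2 seconds and write it to pcap $3.
# Without -q, TShark prints a running packet count to stderr while it runs.
capture_icmp() {
    tshark -i "$1" -f "icmp" -a "duration:$2" -w "$3"
}

# Read a saved capture and print one line per ICMP packet: its IPv4 source.
# (The BPF filter "icmp" is ICMPv4 only, so ip.src is always present.)
icmp_sources() {
    tshark -r "$1" -Y "icmp" -T fields -e ip.src
}

# Turn address lines on stdin into "address count" lines, one per address.
count_per_ip() {
    sort | uniq -c | awk '{ print $2, $1 }'
}

# have_enough COUNTS_FILE "ip1 ip2 ..." MIN
# Succeed only if every listed address appears in COUNTS_FILE with >= MIN packets.
have_enough() {
    cfile=$1
    min=$3
    for ip in $2; do
        n=$(awk -v ip="$ip" '$1 == ip { print $2 }' "$cfile")
        [ "${n:-0}" -ge "$min" ] || return 1
    done
    return 0
}

# Constructed sample of what icmp_sources would print (not a real capture):
# three packets from 10.0.0.1, two from 10.0.0.2, one each from the others.
sample_sources() {
    printf '%s\n' 10.0.0.1 10.0.0.2 10.0.0.1 10.0.0.3 10.0.0.2 10.0.0.1 192.0.2.7
}

# Stand-alone demo: "--capture IFACE SECONDS" uses a real capture when tshark
# is available; with no arguments the constructed sample is used instead.
out=$(mktemp)
if [ "${1:-}" = "--capture" ] && command -v tshark >/dev/null 2>&1; then
    capture_icmp "${2:-1}" "${3:-120}" icmp.pcap
    icmp_sources icmp.pcap | count_per_ip > "$out"
else
    sample_sources | count_per_ip > "$out"
fi
cat "$out"
if have_enough "$out" "10.0.0.1 10.0.0.2" 2; then
    echo "all listed hosts reached the target count"
else
    echo "at least one listed host is below the target count"
fi
rm -f "$out"
```

On Windows the same commands are typed as tshark.exe from the Wireshark install directory, and the -i argument is the interface number listed by tshark -D. For the asker's case of 10 packets from each of 10 addresses, pass the ten addresses as the second argument of have_enough and 10 as the third; the script only answers after the capture has ended, since -a duration stops TShark rather than stopping on a per-address count.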