drowningincode
Reputation: 1225
Get all ips in PCAP file
I have a set of PCAP files and I need to retrieve all the ips. I found this link and have currently been using this command.
tshark_path + " -r " + infile + " -T fields -e ip.dst | sort | uniq
The problem is this seems to be very slow and also occasionally returns something that looks like this: 128.219.232.12,10.78.0.131. My question is if there is a better way to do this that will run quicker and be more accurate.
Also noteworthy, my code is in python.
Upvotes: 2
Views: 5780
Answers (2)
Charlie
Reputation: 11
Open Command prompt and go to tshark directory, for example:
cd C:\Program Files\Wireshark
tshark -nr input.pcap -T fields -e ip.src -e ip.dst -E separator=, > ouput.csv
Here you have to provide input.pcap file with directory and you will get output in CSV format.
Upvotes: 1
user684451
Reputation:
Take a look at TShark Statistics:
tshark -r test.pcapng -q -z ip_hosts,tree
Upvotes: 5
Related Questions
- Extract Unique IP sources from pcap file
- Wireshark PCAP file to csv
- how to get all the IP addresses that the pc communicating with
- How can I parse all the packets in my pcap file instead of one?
- How can I extract TCP header for all the packets from a pcap file?
- Is there a way I can read packets from a pcap file into an array?
- Problem with reading destination IP from pcap file
- How to print all destination ports and source ports in the PCAP file?
- Get IP addresses from PCAP file in scapy
- Ip list from captured pcap python