Yes, it is reading, not replaying.My mistake. I am specifying the fields with -e option. for example, the Target Address field(in icmpv6 header) in icmpv6 neighbor solicitaion message(icmpv6 type = 135) sent to solicited-node multicast address, i am specifying the filter as icmpv6.nd.ns.target_address. When this filter is used in wireshark GUI, it works. But in tshark, what all i can see is a nothing.
On Fri, Aug 3, 2012 at 3:30 PM, Guy Harris <[email protected]> wrote: > > On Aug 3, 2012, at 11:32 AM, naresh gudipudi wrote: > > > I am using Tshark(version 1.2.11). > > That's a very old version; we are no longer making bug-fix updates for > Wireshark 1.2.x, so there may be limits on how much help we can provide. > > > I am replaying the pcap files > > What do you mean by "replaying"? When people talk about "replaying" a > capture file, they're usually talking about using a program such as > tcpreplay: > > http://tcpreplay.synfin.net/ > > which reads the packets from the file and transmits them, perhaps with > some changes, on a network. However: > > > and writing some fields of various headers to a text file. > > ...writing fields to a text file isn't part of "replaying" in the sense > above. > > It sounds as if what you might be doing is *reading* the file, and writing > out selected fields with the "-T fields" flag, and specifying the flags > with "-e". Is that what you're talking about? > > > I am able to write the fields of all headers except icmpv6. Nothing is > being written if i specify icmpv6 fields. > > "Specify" with "-e"? Which particular fields are you specifying? Are > those fields actually in the packets in question (for example, open up the > capture file with Wireshark and look at the ICMPv6 packets, to see whether > the fields are present)? > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
