Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
Register
FAQ
It is currently Wed Dec 06, 2023 8:30 am

ROOT ‹ Networking ‹ TCPdump & Wireshark tips & tricks ‹ tshark: CLI command to read ip/tcp headers

TCPdump & Wireshark tips & tricks - Different how-tos and some information I find interesting about the two most famous traffic analysis tools.

Post a reply

tshark: CLI command to read ip/tcp headers

« Previous topic | Next topic »
Author Message
admin
Post  Post subject: tshark: CLI command to read ip/tcp headers  |  Posted: Wed May 25, 2016 11:07 am
Site Admin

Joined: Mon Aug 03, 2009 8:43 am
Posts: 104

Offline
 

tshark: CLI command to read ip/tcp headers

Code:
tshark -o tcp.relative_sequence_numbers:FALSE -V -r nat66-take2.pcap | less





"tshark" is a wireshark cli utility available on multiple systems. This example is taken from a Mac cli terminal.
Code:
tshark -o tcp.relative_sequence_numbers:FALSE -V -r nat66-take2.pcap | less
Frame 1: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 17, 2016 13:45:23.955177000 CEST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1463485523.955177000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ipv6:ipv6.nxt:ospf]
Ethernet II, Src: JuniperN_34:4c:01 (78:fe:3d:34:4c:01), Dst: IPv6mcast_05 (33:33:00:00:00:05)
    Destination: IPv6mcast_05 (33:33:00:00:00:05)
        Address: IPv6mcast_05 (33:33:00:00:00:05)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: JuniperN_34:4c:01 (78:fe:3d:34:4c:01)
        Address: JuniperN_34:4c:01 (78:fe:3d:34:4c:01)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::7afe:3dff:fe34:4c01 (fe80::7afe:3dff:fe34:4c01), Dst: ff02::5 (ff02::5)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 1100 0000 .... .... .... .... .... = Traffic class: 0x000000c0
        .... 1100 00.. .... .... .... .... .... = Differentiated Services Field: Class Selector 6 (0x00000030)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: OSPF IGP (89)
    Hop limit: 1
    Source: fe80::7afe:3dff:fe34:4c01 (fe80::7afe:3dff:fe34:4c01)
    [Source SA MAC: JuniperN_34:4c:01 (78:fe:3d:34:4c:01)]
    Destination: ff02::5 (ff02::5)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Open Shortest Path First
    OSPF Header
        Version: 3
        Message Type: Hello Packet (1)
        Packet Length: 40
        Source OSPF Router: 10.75.3.1 (10.75.3.1)
        Area ID: 0.0.0.0 (0.0.0.0) (Backbone)
        Checksum: 0x4a1b [correct]
        Instance ID: IPv6 unicast AF (0)

_________________
VPSie - SSD VPS servers in AMS-IX, LINX, DE-CIX
https://vpsie.com



You might also be interested in:
Tcpdump - dump HTTP headers as ASCII and HEX.

Top
Display posts from previous:  Sort by  
 E-mail friendPrint view
Post a reply

Topics related to - "tshark: CLI command to read ip/tcp headers"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Tcpdump - dump HTTP headers as ASCII and HEX

mandrei99

2

45138

Wed Jun 29, 2016 10:34 am

admin View the latest post

 

Who is online
Users browsing this forum: No registered users and 1 guest
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


ROOT ‹ Networking ‹ TCPdump & Wireshark tips & tricks
Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO