Wireshark-dev: Re: [Wireshark-dev] Tshark usage in replaying icmpv6 messages

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 3 Aug 2012 12:30:07 -0700

On Aug 3, 2012, at 11:32 AM, naresh gudipudi wrote:

> I am using Tshark (version 1.2.11).

That's a very old version; we are no longer making bug-fix updates for Wireshark 1.2.x, so there may be limits on how much help we can provide.

> I am replaying the pcap files

What do you mean by "replaying"?  When people talk about "replaying" a capture file, they're usually talking about using a program such as tcpreplay:

	http://tcpreplay.synfin.net/

which reads the packets from the file and transmits them, perhaps with some changes, on a network.  However:

> and writing some fields of various headers to a text file.

...writing fields to a text file isn't part of "replaying" in the sense above.

It sounds as if what you might be doing is *reading* the file, and writing out selected fields with the "-T fields" flag, and specifying the flags with "-e".  Is that what you're talking about?

> I am able to write the fields of all headers except icmpv6. Nothing is being written if I specify icmpv6 fields.

"Specify" with "-e"?  Which particular fields are you specifying?  Are those fields actually in the packets in question (for example, open up the capture file with Wireshark and look at the ICMPv6 packets, to see whether the fields are present)?
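
One way to run the check suggested above, as an added example that is not part of the original message: `dump_fields` does the "-T fields" / "-e" read described in the reply, and `field_presence` counts how many packets actually carried each field. The function names, the capture file name, the field list and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage (capture.pcap is a placeholder file name):
#   dump_fields capture.pcap frame.number ipv6.src icmpv6.type icmpv6.code \
#       | field_presence

# Read a capture and print one tab-separated row per packet holding the
# requested fields. A field that is absent from a packet gives an empty column.
dump_fields() {
    capture=$1; shift
    args=""
    for f in "$@"; do args="$args -e $f"; done
    # $args is left unquoted on purpose: field names contain no whitespace.
    tshark -r "$capture" -T fields -E header=y $args
}

# Read dump_fields output on stdin and report, per column, how many packets
# carried that field. A count of 0 means the field never occurs in the file,
# so "-e" has nothing to print for it.
field_presence() {
    awk -F'\t' '
        NR == 1 { n = NF; for (i = 1; i <= NF; i++) name[i] = $i; next }
        { for (i = 1; i <= n; i++) if ($i != "") seen[i]++ }
        END { for (i = 1; i <= n; i++)
                  printf "%s %d/%d\n", name[i], seen[i], NR - 1 }
    '
}

# Constructed sample of dump_fields output (not real capture data):
# an ICMPv6 echo request, a TCP segment and a neighbor solicitation.
sample_rows() {
    printf 'frame.number\tipv6.src\ticmpv6.type\ticmpv6.code\ttcp.srcport\n'
    printf '1\tfe80::1\t128\t0\t\n'
    printf '2\t2001:db8::1\t\t\t443\n'
    printf '3\tfe80::2\t135\t0\t\n'
}
```

Running `sample_rows | field_presence` shows the ICMPv6 columns filled only for the two ICMPv6 packets; on a real capture, a field reported as 0 out of N is one to look for in the Wireshark packet details before concluding that "-e" is failing.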