Yes, it is reading, not replaying.My mistake. I am specifying the fields with -e option. for example, the Target Address field(in icmpv6 header) in icmpv6 neighbor solicitaion message(icmpv6 type = 135) sent to solicited-node multicast address, i am specifying the filter as icmpv6.nd.ns.target_address. When this filter is used in wireshark GUI, it works. But in tshark, what all i can see is a nothing.
On Fri, Aug 3, 2012 at 3:30 PM, Guy Harris
<guy@xxxxxxxxxxxx> wrote:
On Aug 3, 2012, at 11:32 AM, naresh gudipudi wrote:
> I am using Tshark(version 1.2.11).
That's a very old version; we are no longer making bug-fix updates for Wireshark 1.2.x, so there may be limits on how much help we can provide.
> I am replaying the pcap files
What do you mean by "replaying"? When people talk about "replaying" a capture file, they're usually talking about using a program such as tcpreplay:
http://tcpreplay.synfin.net/
which reads the packets from the file and transmits them, perhaps with some changes, on a network. However:
> and writing some fields of various headers to a text file.
...writing fields to a text file isn't part of "replaying" in the sense above.
It sounds as if what you might be doing is *reading* the file, and writing out selected fields with the "-T fields" flag, and specifying the flags with "-e". Is that what you're talking about?
> I am able to write the fields of all headers except icmpv6. Nothing is being written if i specify icmpv6 fields.
"Specify" with "-e"? Which particular fields are you specifying? Are those fields actually in the packets in question (for example, open up the capture file with Wireshark and look at the ICMPv6 packets, to see whether the fields are present)?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
