Get IP Address List from a PCAP/TcpDump File

Posted on 2011-10-28
Medium Priority
Last Modified: 2012-06-21
hi expert$

how i can get all IP Addresses used in a PCAP file, is there any display filter or work around.

Question by:osloboy
  • 4
  • 3
LVL 18

Expert Comment

by:Garry Glendown
ID: 37049096
On Unix, a quick solution could look like this: you could use tcpdump, reading from the pcap, and piping the output to something like this:

( tcpdump -n -r tst.pcap  | grep IP | cut -f 3 "-d " | cut -f1-4 -d.; tcpdump -n -r tst.pcap  | grep IP | cut -f 5 "-d " | cut -f1-4 -d. ) | sort -u

(there may be some certain output lines that are not filtered correctly, but in a pinch, it's probably easy to filter wrong lines out afterwards)

Alternatively, I guess you could use libpcap to write a program to do something similar ...

Author Comment

ID: 37049114
any idea for WireShark on windows
LVL 18

Accepted Solution

Garry Glendown earned 1600 total points
ID: 37049121
You could export the capture as a CSV, then use Excel etc. to boil down the IPs after some sorting ...
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 37049124
hahaha, its gona be fun

no way we can sort out with in the WireShark
LVL 18

Expert Comment

by:Garry Glendown
ID: 37049131
Does the Wireshark Menu function Statistics -> Endpoint -> IPv4 do what you need?

Author Comment

ID: 37049138
Yes, thanks,

there is few IPs.

is these IPs related END Hosts or what?
LVL 71

Assisted Solution

Qlemo earned 400 total points
ID: 37051191
That IPs are all IPs occurring. They can be source or target of the capture. Your own machine's IP will hence occur there, too.

Author Closing Comment

ID: 37052689

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question