How can I configure tshark to display the OrgName of the source or destination IP?
This command produces empty lines
tshark -lq -T fields -e ip.geoip.src_org
and so does this command
tshark -lq -T fields -e whois.answer
Asked
Active
Viewed 163 times
1
user123456
- 520
- 1
- 4
- 13
1 Answers
2
The only solution found yet is to pipe IP to whois command:
jwhois is faster than whois (test it with time [cmd] )
#!/bin/bash
tshark -T fields -e ip.addr -E aggregator=" " -l| |sed "s/192.168.1.39//;s/^[ ]*//" | while read i
do
echo " "
echo "$i"
jwhois $i | grep -i 'orgname\|country\|netrange' | sed 's/^[ ]*//'
done
user123456
- 520
- 1
- 4
- 13