This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I get packet size summary by tshark ?

1

I am using wireshark 1.6.11 on Fedora 17. I can see summary of packets grouped by their size from statistics --> packet lengths --> create state (without any filter)

Is there a way to get this on command line or any script that you might be aware of ?

I tried using various options with -z but no luck till now.

Thanks in advance.

asked 28 Nov '12, 01:23

nehaldattani's gravatar image

nehaldattani
21115
accept rate: 0%

edited 28 Nov '12, 01:23


One Answer:

2

with built-in commands:

tshark -nr input.pcap -T fields -e frame.len | sort -n | uniq -c

if your distribution supports gsl-histogram:

tshark -nr input.pcap -T fields -e frame.len | gsl-histogram 0 1500 30

Please check the man page of gsl-histogram for the options.

To install gsl-histogram, I had to run this command on Ubuntu: apt-get install gsl-bin.

If that's not exactly what you need, you could write a short script (perl/python).

Regards
Kurt

answered 28 Nov '12, 03:27

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 28 Nov '12, 03:28

I got what I wanted. I think using sum with awk will give me the values in % . but thank you for pointing me in right direction.

(28 Nov '12, 03:49) nehaldattani