This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Background:

My requirements are to analyze network traffic from pcap files and present data in a graphical format for quick consumption. Wireshark is the most common choice that is recommended by many to analyze data from pcap files, but its graphical capabilities are limited.

What I would eventually want would be to extract data from pcap files in an understandable structure and then run statistical analysis on it depending on the requirements of my users.

When using Wireshark, I found that it already provides a nice set of statistical analysis which I can make use of right away. But I have not found any menu option in Wireshark to export these into some format of csv or txt.

I am able to export the entire packet/pcap file data as a txt file, and I could reconstruct the same statistics based on that. But since Wireshark already has this built-in feature, I do not want to re-invent it.

Do any of you know a way to achieve this?

Environment: Windows 7, C# 4.0 desktop client, VS2010

[Update]

I am interested in statistics like list of conversations, protocol hierarchy, summary

asked 29 Jan '13, 04:36

summerboy

edited 29 Jan '13, 05:51


Have you looked at the statistics offered by tshark (the command line version of Wireshark)? You haven't specified which statistics you require, so look at the tshark man page, especially the -z options.

Edit:

You have specified stats of list of conversations, protocol hierarchy, summary. Options for these would be:

  • Conversations - use -z conv,type where type is the type of conversation, e.g. 'ip'.
  • Protocol Hierarchy - use -z io,phs
  • Summary - I think you'll have to use capinfos (found next to the wireshark executable)

answered 29 Jan '13, 04:58

grahamb ♦

edited 29 Jan '13, 07:35

Hello. Is there a way to get a CSV file with the output of tshark's -z conv,ip similar to the one I get in Wireshark->Statistics->Conversations->IP->Copy? Thank you!

(01 Mar '13, 13:36) hugosp
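
Added example, not part of the original thread or of Wireshark: one way to turn the text table printed by `tshark -q -z conv,ip` into CSV for further statistics. It assumes the plain-integer column layout (left-pointing columns first, then right-pointing, then totals); the `SAMPLE` text is constructed, and `parse_conversations` and `to_csv` are hypothetical helper names. Rows in any other layout (for example byte counts printed with units) raise an error instead of being silently dropped.

```python
import csv
import io

# Column names for the fields on each "A <-> B" row (assumed layout).
FIELDS = ["addr_a", "addr_b", "frames_b_to_a", "bytes_b_to_a",
          "frames_a_to_b", "bytes_a_to_b", "frames_total", "bytes_total",
          "rel_start", "duration"]

# Constructed sample of `tshark -q -z conv,ip` output (not from a real capture).
SAMPLE = """\
================================================================================
IPv4 Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.1.10         <-> 10.0.0.5                  12      9040      10       812      22      9852     0.000000000        4.2100
192.168.1.10         <-> 10.0.0.9                   3       180       3       222       6       402     1.500000000        0.0310
================================================================================
"""

def parse_conversations(text):
    """Return one dict per conversation row; headers and rulers are skipped."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if "<->" not in tokens:
            continue  # banner, filter line, column headers, separators
        # A data row is "A <-> B" followed by exactly eight numeric columns.
        if len(tokens) != 11 or tokens[1] != "<->":
            raise ValueError(f"unexpected conversation row layout: {line!r}")
        row = dict(zip(FIELDS, [tokens[0], tokens[2]] + tokens[3:]))
        for key in FIELDS[2:8]:
            row[key] = int(row[key])
        for key in FIELDS[8:]:
            row[key] = float(row[key])
        rows.append(row)
    return rows

def to_csv(rows):
    """Serialize parsed rows as CSV text with a header line."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_conversations(SAMPLE)), end="")
```
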
question asked: 29 Jan '13, 04:36

question was seen: 5,771 times

last updated: 01 Mar '13, 13:36
