Background: My requirements are to analyze network traffic from pcap files and present data in a graphical format for quick consumption. Wireshark is the most common choice that is recommended by many to analyze data from pcap files, but its graphical capabilities are limited. What I would eventually want would be to extract data from pcap files in an understandable structure and then run statistical analysis on it depending on the requirements of my users.

When using Wireshark, I found that it already provides a nice set of statistical analysis which I can make use of right away. But I have not found any menu option in Wireshark to export these into some format of csv or txt. I am able to export the entire packet/pcap file data as a txt file, and I could reconstruct the same statistics based on that. But since Wireshark already has this in-built feature, I do not want to re-invent it. Does anyone of you know a way to achieve this?

Environment: Windows 7, C# 4.0 desktop client, VS2010

[Update] I am interested in statistics like list of conversations, protocol hierarchy, summary

asked 29 Jan '13, 04:36 summerboy edited 29 Jan '13, 05:51
One Answer:
Have you looked at the statistics offered by tshark (the command line version of Wireshark)? You haven't specified which statistics you require, so look at the tshark man page, especially the -z options. Edit: You have specified stats of list of conversations, protocol hierarchy, summary. Options for these would be:
answered 29 Jan '13, 04:58 grahamb ♦ edited 29 Jan '13, 07:35
Hello. Is there a way to get a CSV file with the output of tshark's -z conv,ip similar to the one I get in Wireshark->Statistics->Conversations->IP->Copy? Thank you!
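One way to turn the text report from `tshark -q -z conv,ip -r capture.pcap` into CSV, as an added example that is not part of the original thread or of Wireshark itself. It assumes the report layout with plain integer frame and byte counts; the sample report, the file name `capture.pcap` and the CSV column names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of a `-z conv,ip` report (assumed layout: "<-" columns
# first, then "->", then totals, relative start and duration).
SAMPLE = """\
================================================================================
IPv4 Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.0.2.10           <-> 198.51.100.7              12      9034      10       812      22      9846     0.000000000        14.2031
192.0.2.10           <-> 203.0.113.5                3       246       4       310       7       556     2.118420000         0.9140
================================================================================
"""

# Hypothetical column names chosen for this example.
FIELDS = ["addr_a", "addr_b", "frames_b_to_a", "bytes_b_to_a",
          "frames_a_to_b", "bytes_a_to_b", "frames_total", "bytes_total",
          "rel_start", "duration"]

# A data row: two endpoints around "<->", six integer counters, two decimals.
ROW = re.compile(r"^(\S+)\s+<->\s+(\S+)" + r"\s+(\d+)" * 6
                 + r"\s+([\d.]+)\s+([\d.]+)$")

def parse_conversations(text):
    """Return one dict per conversation row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # separator, title, filter or column-header line
        a, b, *nums = m.groups()
        values = [a, b, *map(int, nums[:6]), float(nums[6]), float(nums[7])]
        rows.append(dict(zip(FIELDS, values)))
    return rows

def to_csv(rows):
    """Serialize parsed rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_conversations(SAMPLE)), end="")
```

Rows that do not match the assumed layout are skipped silently, so compare the CSV row count with the report before relying on the result.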