I am trying to figure how to output what was the bandwidth useage at the time the packets were logged. This is what my command line looks like. tshark -nr 3.pcap -T fields -E separator=, -E header=y -e frame.number -e frame.time -e frame.len -e eth.type -e eth.src -e eth.dst -e ip.len -e ip.id -e ip.flags -e ip.dst -e ip.src -e ip.proto -e ip.ttl >3.csv What do I need to enter to get bandwidth or do I have make something in excel do it? asked 03 May '13, 13:11  spanky55amg |
One Answer:
There is a similar tool in tshark.
That will print a similar overview as the Endpoint statistics (see tshark man page for more statistics options). However it does not print the throughput. As it does print the duration and the amount of bytes it is easy to calculate the throughput. If you need a time series of the throughput, exel or gnuplot are your friends. Plot the fields frame.number and ip.len for a certain stream. Regards answered 03 May '13, 14:16  Kurt Knochner ♦ edited 03 May '13, 14:16 I was looking at that too. Thats why I wondered if I could get something like that out on a csv. (03 May '13, 14:26) spanky55amg 1 perl/python/lua and/or Excel will extract whatever you need/want from that csv ;-) (03 May '13, 14:31) Kurt Knochner ♦ |
More specifically... How do I get bytes? If I can go into Statisitcs > Endpoints> IPv4 and see the bytes, how do I get that from the command line? Total perfered but maybe with Tx and Rx bytes too.