This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Plot time-series graph for number of TCP packets per 1 second. The X-axis should start with zero.

0

Anyone know how to do this, please help me. You can answer with any programming language such as Java, or programming R. Thank you in advance!!!

asked 29 Nov '13, 23:20


Eliza Rana
11458
accept rate: 0%


One Answer:

2

You can answer with any programming language

O.K. Then I choose Perl.

    #!/usr/bin/perl

    use GUI::Testing;

    $wireshark_bin = `which wireshark`;
    chomp($wireshark_bin);

    $capture_file = 'input.pcap';

    if ($pid = fork()) {

        # parent process ....

        # wait while Wireshark is starting ...
        sleep(30);

        # get a GUI handle for Wireshark
        $ws_handle = get_gui_handle($wireshark_bin);

        # get a handle for the IO Graph
        $io_graph = $ws_handle.menu("Statistics::IO Graph");

        $io_graph.tick_interval = "1";
        $io_graph.pixel_per_tick = "5";
        $io_graph.y_axis_unit = "packets/tick";
        $io_graph.y_axis_scale = "auto";

        # set the display filter for graph 1.
        # Alternative filter: tcp.stream eq 2
        # Alternative filter: tcp.port eq 80
        $io_graph.graph_1.filter = "tcp";

        $io_graph.graph_1.style = "line";
        $io_graph.graph_1.redraw();

        $data = $io_graph.copy_data();

        analyze_data($data);

    } else {

        # child process
        system("$wireshark_bin -nr $capture_file");
    }

    sub analyze_data {

        my $data = shift;

        print STDERR "Please write your own code to analyze the data\n";
        print STDERR "like calculation of mean or median values\n";
    }

Hint: ‘Listen’ to the code …..

Regards
Kurt

answered 30 Nov '13, 15:08


Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 30 Nov '13, 15:48

Thanks so much for your help, Kurt!!! I will install Perl and try this code… I would like to ask you one more question:

I want to transform the pcap file to a csv file by using the tshark command, but I got “Access is denied”.

Here is what I wrote: tshark -r "d:\test.pcap" -T fields -e frame.time -e ip.proto -e frame.len -E header=y -E separator=, > "d:\file.csv"

(30 Nov '13, 21:02) Eliza Rana

Note: I want to transform only the following data into csv format:

- Timestamp
- Protocol
- Packet_length

The timestamp must be in a format that we can understand, for example, 20/01/2013 00:00:00. And for protocol: I want to show only the top-level protocol such as TCP, UDP, etc.

(30 Nov '13, 21:03) Eliza Rana

“Access is denied”.

hm… if my Windows shows that message, it usually wants to tell me that I am not allowed to read or write a file. Maybe your Windows is doing that too!?!

(01 Dec '13, 03:16) Kurt Knochner ♦

So what should I do, Kurt? Any other solution? Is what I wrote correct or not?

(01 Dec '13, 05:00) Eliza Rana

If I want to use the tshark command in Windows, do I have to install Cygwin or just use the cmd command prompt? I really don’t know about this.

(01 Dec '13, 05:05) Eliza Rana
2

No need for Cygwin to run tshark, it will run from a cmd prompt (or a PowerShell one).

(01 Dec '13, 08:45) grahamb ♦

Thanks so much grahamb…

(01 Dec '13, 22:15) Eliza Rana
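Added example, not part of the original thread: a Python sketch that takes tshark field output, counts TCP packets in 1-second bins starting at zero, and prints timestamps in the dd/mm/YYYY form asked for above. It assumes the export uses frame.time_epoch instead of frame.time and adds -E occurrence=f so a packet with several ip.proto values does not break the comma-separated columns; the sample rows and all function names are constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timezone

# Constructed sample (not from the thread) of the output of:
#   tshark -r test.pcap -T fields -e frame.time_epoch -e ip.proto -e frame.len
#          -E header=y -E separator=, -E occurrence=f
SAMPLE = """frame.time_epoch,ip.proto,frame.len
1358640000.120000,6,74
1358640000.480000,6,66
1358640000.910000,17,90
1358640001.350000,6,1514
1358640003.700000,6,60
1358640003.900000,,42
"""

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers


def parse_rows(text):
    """Yield (epoch, protocol_name, length); frames without an IP header become 'OTHER'."""
    for row in csv.DictReader(io.StringIO(text)):
        proto = row["ip.proto"]
        name = PROTO_NAMES.get(int(proto), proto) if proto else "OTHER"
        yield float(row["frame.time_epoch"]), name, int(row["frame.len"])


def packets_per_second(rows, proto="TCP"):
    """Return [(second_offset, count)]; offsets start at 0 and idle seconds stay as 0."""
    rows = list(rows)
    if not rows:
        return []
    start = min(t for t, _, _ in rows)  # first packet defines x = 0
    counts = Counter(int(t - start) for t, p, _ in rows if p == proto)
    last = int(max(t for t, _, _ in rows) - start)
    return [(s, counts.get(s, 0)) for s in range(last + 1)]


def readable(epoch):
    """Format an epoch timestamp as dd/mm/YYYY HH:MM:SS (UTC)."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%d/%m/%Y %H:%M:%S")


if __name__ == "__main__":
    for t, name, length in parse_rows(SAMPLE):
        print(f"{readable(t)},{name},{length}")
    for second, count in packets_per_second(parse_rows(SAMPLE)):
        print(f"{second}\t{count}")
```

The second loop prints one row per second, including seconds with no TCP packets, so the series can be passed straight to any plotting tool with the X-axis starting at zero.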