Parsing Pcap summary

Not within tshark -z io,stat (though I wish it could). It's doable with a script though.

The -z io,stat output will put all the capture file's statistics you're looking for into a single very long line and a "|" delimiter. There are a couple tricks to it though:

1. The output line changes depending on how many statistics you are querying. Every new metric adds one more line, so I just have a script use the number of metrics to predict the "stats line" that contains all the actual data you want.

2. The number of columns per metric you're trying to calculate is variable (eg: you'll get frame and byte counts with separate | delimiters if you query a normal display filter count, but you'll get a single field returned within one delimited cell if you query a function such as SUM or AVG. I actually solved this by always assuming there will be two field outputs per metric in the -z query, where a 'filler' metric will be added to my query just to make sure the "take every second field returned" rule in the script holds true.

I really do wish -z would just give a .csv output, though. People who forego the GUI to write out a longhand -z query are likely not the sort who would want pretty ASCII text output. Likely, they're using tshark because they want to automate it and the output makes it inherently more difficult for it to be used for that purpose.

Edit: For reference, at least for the -z io,stat to be an option here I've submitted bug/feature request 10759. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10759