This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Display packet count when using tshark

0

I'm using dumpcap to capture packets. Typically looks like this:

$ dumpcap -i eth0 -a duration:1 -w test.pcap
Capturing on mon0
File: test.pcap
Packets captured: 63
Packets received/dropped on interface mon0: 63/0 (100.0%)

I put this into a script and would like to save the number of captured packets (63 in the example above) to a file. I can do it by using for example tshark, but that's not what I'm after. Just looking for something like wc -l that gives me the count of captured packets in the pcap file.

Any suggestions? Thanks!

/Z

asked 28 Apr '15, 19:38

SamA's gravatar image

SamA
117713
accept rate: 0%

2 Answers:

2

If you only want the packet count, after dumpcap completes, your script could run "capinfos -Trc test.pcap". If you don't want the filename displayed before the count value, you could further pipe the output to sed to remove the filename using an appropriate substitution string.

answered 28 Apr '15, 20:30

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Thanks cmaynard. Useful!

(29 Apr '15, 05:17) SamA

0

Just found the answer myself:

capinfos test.pcap

does the trick!

answered 28 Apr '15, 20:13

SamA's gravatar image

SamA
117713
accept rate: 0%