My goal Use pre-existing capture files from Wireshark to extract data into a file that can be parsed by Excel or other style process.
Special settings: Tick interval = 1 or 10 seconds Y axes is measured in Bytes / Ticks view as time of day Select graph 1 and graph 2 buttons Copy data from graph into a text style file. I am trying to simulate manual interaction with Wireshark IO graph and the capture button. right now I am using the following:
The problem is I need wall clock time I would like to simulate the data generated by IO Chart in batch mode that would show Recorded Time, IP=dst, IP=src I need wall clock time so I can compare results on other activities within the lab. If I could have an output of the first and last entry based on wall time I could re-calc the back into something useful. v/r Brad M asked 15 Mar '16, 12:26  Brad M |
One Answer:
After searching thru about 5 years of posts I did come across one option that works tshark -t ad -q -z io,stat,10,ip.dst=10.0.2.15,ip==10.0.2.15 -nr myfile > hostname.io.performance.txt At least now I don't have to wait over 20 mins while playing with Wireshark to just extract performance data for each IP set that I am looking for. A bit more work in Excel to re-format the data . . . but nothing compared to the time waiting for a laptop to respond to clicks. answered 15 Mar '16, 13:32 Brad M edited 15 Mar '16, 13:35 |
sorry about the small error I have in the > of 10.0.2.15.dst.txt twice
I have updated my tshark command line after finding additional info
tshark -z io,stat,10,ip.src==10.0.2.15,ip.dst==10.0.2.15 -r myfile > 10.0.2.15.results.text
I am still trying to figure a way to use real time versus ticks.