TShark Capture Properties

Question

Is there a way to export the Capture File Properties with TShark?

Specifically I would like to get the following data out of a pcap or pcapng file:

First Packet Time
Second Packet Time
Elapsed
Statics: Number of Packets
Statics: Average bytes/s
Comment

Thanks

Accepted Answer

Have you tried capinfos? I believe it provides everything you're looking for, but if there is some useful information that is not currently available with the tool, you can file an enhancement bug request to ask for it to be added.

Answer 2

Try capinfos, which should be installed right alongside tshark:

capinfos C:\Users\xxx\Downloads\http-bug.pcap

File name: C:\Users\xxx\Downloads\http-bug.pcap File type: Wireshark/tcpdump/… - pcap File encapsulation: Ethernet File timestamp precision: microseconds (6) Packet size limit: file hdr: 262144 bytes Number of packets: 9000 File size: 9722 kB Data size: 9578 kB Capture duration: 14.434019 seconds First packet time: 2011-10-20 23:54:45.106241 Last packet time: 2011-10-20 23:54:59.540260 Data byte rate: 663 kBps Data bit rate: 5308 kbps Average packet size: 1064.27 bytes Average packet rate: 623 packets/s SHA1: 6703d741c6be2dfe78ad41a56559a2bfa8817b03 RIPEMD160: 8d1c5fa446a4f8fc168eacdc36648f28208ac55a MD5: 901c1a9b00e3df07098df1f3ca2762d5 Strict time order: True Number of interfaces in file: 1 Interface #0 info: Name = UNKNOWN Description = NONE Encapsulation = Ethernet (1/1 - ether) Speed = 18446744073709551615 Capture length = 262144 FCS length = -1 Time precision = microseconds (6) Time ticks per second = 1000000 Time resolution = 0x06 Filter string = NONE Operating system = UNKNOWN Comment = NONE BPF filter length = 0 Number of stat entries = 0 Number of packets = 9000