I usually obtain flow information by opening the statistics features in Wireshark. However, this approach is blocked when the pcap file is too big to open (loading a big pcap file into Wireshark causes RAM overload). I wonder if I could get flow statistical features via the command line, with tshark, editcap or something else. I would really appreciate it if some experts could help me out. Best regards
asked 15 Jun '16, 01:04
You can cut the capture files in half if that helps. Have a look at the command line tools capinfos and editcap.
Tshark has some interesting statistics options as well.
answered 15 Jun '16, 05:05
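As an added example (not part of the original question or answer), the Python sketch below reads a classic pcap file one record at a time and aggregates packet and byte counts per unidirectional 5-tuple, so memory use grows with the number of flows rather than with the file size. It assumes a classic microsecond-resolution pcap (not pcapng) with IPv4 directly over Ethernet; the function names and the sample capture are constructed for illustration.

```python
import io
import socket
import struct
from collections import defaultdict

def flow_stats(stream):
    """Stream a classic pcap; return {(src, sport, dst, dport, proto): [packets, bytes]}."""
    header = stream.read(24)
    magic = struct.unpack("<I", header[:4])[0] if len(header) == 24 else None
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    flows = defaultdict(lambda: [0, 0])
    while True:
        rec = stream.read(16)  # per-packet record header
        if len(rec) < 16:
            break
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        frame = stream.read(incl_len)  # only one packet is held in memory
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 directly over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto not in (6, 17) or frag_offset or len(frame) < 14 + ihl + 4:
            continue  # not TCP/UDP, or a later fragment without ports
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        key = (socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport, proto)
        flows[key][0] += 1
        flows[key][1] += orig_len  # bytes on the wire, not the captured slice
    return dict(flows)

def _frame(src, dst, sport, dport, proto, payload_len):
    """Constructed Ethernet/IPv4 frame with a zeroed TCP or UDP header."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + b"\x00" * payload_len

def sample_pcap():
    """Constructed three-packet capture, little-endian, linktype 1 (Ethernet)."""
    frames = [_frame("10.0.0.1", "10.0.0.2", 40000, 443, 6, 100)] * 2
    frames.append(_frame("10.0.0.1", "10.0.0.3", 5353, 53, 17, 50))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for key, (pkts, nbytes) in flow_stats(io.BytesIO(sample_pcap())).items():
        print(key, pkts, nbytes)
```

For a real capture, pass a file opened in binary mode, for example `flow_stats(open(path, "rb"))`, where `path` is the capture file.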