hello all i must use some features of all log-data of a adsl router traffic with various users (features like max-min-median length packet in forward or backward flow). after saving traffic with wireshark in pcap or pcapng format, how can i calculate or use this features from a pcap file and use them in a python program?? asked 14 Oct '17, 12:24  MohammadE |
One Answer:
If you have file1.pcap to process, you can use tshark -T fields -e frame.len -Eseparator=/t -r file1.pcap >file1_out.tab to get the length of each frame in a tab-delimited format for processing via stats library in python or other languages. the -e option can take any wireshark display filter so you can add additional info if needed (e.g. ip src/dst, tcp src/dst, frame number) If you want to do all of the processing within python, look into pylibpcap or other pcap-related libraries. answered 18 Oct '17, 07:47  CMH_Tim edited 18 Oct '17, 07:50 |
