I'm interested in finding out how to produce an endpoints graph via TShark that is essentially equivalent to the IPv4 endpoints window with no filter? Joke, I'm specifically looking for something that isn't conversation specific, but host specific like the Wireshark IPv4 endpoints window... I've already been down the conversations road and it is too finely grained; I just need summarizations for each IPv4 endpoint only.
asked 17 Feb '12, 11:46 kipswederman edited 20 Feb '12, 12:34
I don't think there's anything directly equivalent, but it can be done with scripting. What OS are you using?
You can use TShark statistics to get an overview of the conversations.
$ tshark -r test.pcap -q -z conv,eth -z conv,ip -z conv,tcp
Please take a look at this question or other questions tagged with statistics.
You still haven't stated what OS you are using, as your requirement can be met with scripting. If you are using Windows, I can post a PowerShell script that should do what you want.
Mr. Graham, while I appreciate your assistance, I've already scripted my way to a solution for this dataset. Unfortunately, the added overhead of the scripting process is too slow, so I'm looking for a native TShark solution here. I do thank you for being willing to help though!
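The scripting route mentioned in the replies, as an added example (not code from any poster in this thread): a Python script that folds per-frame `ip.src`, `ip.dst` and `frame.len` fields into per-host totals laid out like the IPv4 Endpoints window. The function names and the sample lines are constructed for illustration; `test.pcap` is the file name used in the answer above.

```python
# Per-host IPv4 endpoint totals from TShark field output (added example).
# Assumed input: one tab-separated line per frame, as produced by
#   tshark -r test.pcap -T fields -e ip.src -e ip.dst -e frame.len
import sys
from collections import defaultdict


def endpoint_totals(lines):
    """Return {ip: [tx_pkts, tx_bytes, rx_pkts, rx_bytes]} for IPv4 frames."""
    totals = defaultdict(lambda: [0, 0, 0, 0])
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        # Skip malformed lines and non-IPv4 frames (ARP, IPv6: empty ip.* fields).
        if len(fields) != 3 or not (fields[0] and fields[1] and fields[2].isdigit()):
            continue
        # An ICMP error embeds a second IPv4 header, so TShark prints
        # "outer,inner" for each field; count only the outer addresses.
        src, dst = fields[0].split(",")[0], fields[1].split(",")[0]
        size = int(fields[2])
        for host, col in ((src, 0), (dst, 2)):  # Tx columns, then Rx columns
            totals[host][col] += 1
            totals[host][col + 1] += size
    return dict(totals)


def format_table(totals):
    """Render rows sorted by total bytes, busiest endpoint first."""
    rows = ["%-15s %8s %10s %8s %10s %8s %10s" % (
        "Address", "Packets", "Bytes", "Tx Pkts", "Tx Bytes", "Rx Pkts", "Rx Bytes")]
    ranked = sorted(totals.items(), key=lambda kv: kv[1][1] + kv[1][3], reverse=True)
    for ip, (txp, txb, rxp, rxb) in ranked:
        rows.append("%-15s %8d %10d %8d %10d %8d %10d" % (
            ip, txp + rxp, txb + rxb, txp, txb, rxp, rxb))
    return "\n".join(rows)


# Constructed sample: three IPv4 frames, one ARP frame (empty IP fields) and
# one ICMP error with two occurrences of ip.src and ip.dst.
SAMPLE = [
    "192.168.1.10\t10.0.0.5\t74",
    "10.0.0.5\t192.168.1.10\t1514",
    "192.168.1.10\t8.8.8.8\t86",
    "\t\t60",
    "10.0.0.1,192.168.1.10\t192.168.1.10,8.8.8.8\t114",
]

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin
    print(format_table(endpoint_totals(data)))
```

Piping the TShark command from the header comment into the script replaces the constructed sample with real capture data; run with no pipe, it prints the table for the sample.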