Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tshark session/flow logging

From: "j.snelders" <j.snelders () telfort nl>
Date: Wed, 10 Mar 2010 22:07:27 +0100
Hi,

Looking for this?

tshark -r test.pcap -q -z conv,tcp
tshark -r test.pcap -q -z conv,eth -z conv,ip -z conv,tcp

$ tshark -r test2.pcap -q -z conv,tcp
================================================================================
TCP Conversations
Filter:<No Filter>
                                               |       <-      | |      
->      | |     Total     |

                                               | Frames  Bytes | | Frames
 Bytes | | Frames  Bytes |

192.168.1.2:49808    <-> 74.125.77.104:80          15     16384      11 
    2069      26     18453
192.168.1.2:49806    <-> 74.125.77.104:80          13     15417      11 
    2170      24     17587
192.168.1.2:49807    <-> 168.143.162.59:80          6       957       6 
     826      12      1783
192.168.1.2:49809    <-> 66.102.13.102:80           3       326       4 
     832       7      1158
================================================================================

HTH
Joan


On Wed, 10 Mar 2010 07:38:01 +0000 Salman Malik wrote:


Hello

If I have a captured trace of some traffic. Is it possible for me to get
statistics of each flow (identified by a src/dst IP and src/dst port) using
tshark ? Also I have got "IP over IP traffic" or more specifically GPRS

traffic

(at GN interface) , how can the headers beneath GTP headers be analysed

statistically

?


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: