Wireshark mailing list archives

Re: Extracting the no. of ports in a pcap


From: "j.snelders" <j.snelders () telfort nl>
Date: Sat, 20 Aug 2011 09:01:54 +0200

Hi Nitin,

You can use the option -T fields to create a .csv file:

$ tshark -r test.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -E header=y > test.csv
ip.src  tcp.srcport     ip.dst  tcp.dstport
10.0.1.2       1337    10.0.177.195   80
10.0.177.195   80      10.0.1.2       1337
10.0.1.2       1337    10.0.177.195   80


Or have a look at TShark statistics:

$ tshark -r test.pcap -q -z conv,tcp
================================================================================
TCP Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
10.0.1.2:1386     <-> 10.0.220.20:80         111    142403      57      3618     168    146021
10.0.1.2:1367     <-> 10.0.220.20:80          54     73813      30      2061      84     75874
10.0.1.2:1344     <-> 10.0.178.11:80          43     57501      29      3622      72     61123


See the man-page for more information:
http://www.wireshark.org/docs/man-pages/tshark.html

Hope this helps
Joke

On Sat, 20 Aug 2011 11:11:24 +0530 NITIN GOYAL wrote:
Hi

I have a big pcap which I want to convert into pdml format. This pcap has
multiple sessions on different ports on a combination of Src and Dst. IP.

Like
10.x.x.x [port1]  172.0.0.1 [port y]
10.x.x.x [port2]  172.0.0.1 [port y]
10.x.x.x [port3]  172.0.0.1 [port y]
10.x.x.x [port4]  172.0.0.1 [port y]

Now, is there any way I can get the number of ports and their list before
I start making the pdml for each port? So, I can call tshark.exe in a
multi-threaded program which calls multiple instances of tshark for different
ports and I get multiple pdml files for multiple ports simultaneously.

Guys, can somebody give me any advice for the things explained above?

Thanks
Nitin
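
Added example (not part of the original thread, and not Wireshark project code): one way to turn the `-T fields` output shown above into the list of TCP conversations and one PDML export command per conversation. The sample rows are constructed, the function names are hypothetical, and `-Y` assumes a current tshark build.

```python
import csv
import io
import shlex

# Constructed sample of `tshark -T fields ... -E header=y` output (tab-separated).
# The row with empty port fields stands for a non-TCP packet such as ICMP.
SAMPLE = (
    "ip.src\ttcp.srcport\tip.dst\ttcp.dstport\n"
    "10.0.1.2\t1337\t10.0.177.195\t80\n"
    "10.0.177.195\t80\t10.0.1.2\t1337\n"
    "10.0.1.2\t\t10.0.177.195\t\n"
    "10.0.1.2\t1338\t10.0.177.195\t80\n"
    "10.0.1.2\t1337\t10.0.177.195\t80\n"
)

def conversations(fields_text):
    """Return the unique TCP conversations, each as a sorted endpoint pair."""
    seen = set()
    reader = csv.DictReader(io.StringIO(fields_text), delimiter="\t")
    for row in reader:
        sport = row.get("tcp.srcport") or ""
        dport = row.get("tcp.dstport") or ""
        src, dst = row.get("ip.src") or "", row.get("ip.dst") or ""
        # Skip rows without a single numeric port on each side (non-TCP
        # packets, or fields holding several comma-joined values).
        if not (sport.isdigit() and dport.isdigit() and src and dst):
            continue
        a, b = (src, int(sport)), (dst, int(dport))
        seen.add(tuple(sorted((a, b))))  # both directions map to one key
    return sorted(seen)

def pdml_commands(pcap, convs):
    """Build one tshark argument list per conversation (nothing is executed)."""
    cmds = []
    for (ip_a, port_a), (ip_b, port_b) in convs:
        flt = (f"ip.addr=={ip_a} && ip.addr=={ip_b} && "
               f"tcp.port=={port_a} && tcp.port=={port_b}")
        # -Y is the display-filter option of current tshark; 2011-era builds used -R.
        cmds.append(["tshark", "-r", pcap, "-Y", flt, "-T", "pdml"])
    return cmds

if __name__ == "__main__":
    convs = conversations(SAMPLE)
    print(len(convs), "conversations")
    for cmd in pdml_commands("test.pcap", convs):
        print(shlex.join(cmd))
```

Each argument list can be handed to a worker that runs it with `subprocess.run` and writes stdout to its own .pdml file.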


       

