Wireshark mailing list archives
Re: Extracting the no. of ports in a pcap
From: "j.snelders" <j.snelders () telfort nl>
Date: Sat, 20 Aug 2011 09:01:54 +0200
Hi Nitin, You can use the option -T fields to create a .csv file: $ tshark -r test.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -E header=y > test.csv ip.src tcp.srcport ip.dst tcp.dstport 10.0.1.2 1337 10.0.177.195 80 10.0.177.195 80 10.0.1.2 1337 10.0.1.2 1337 10.0.177.195 80 Or have a look at TShark statistics: $ tshark -r test.pcap -q -z conv,tcp ================================================================================ TCP Conversations Filter:<No Filter> | <- | | -> | | Total | | Frames Bytes | | Frames Bytes | | Frames Bytes | 10.0.1.2:1386 <-> 10.0.220.20:80 111 142403 57 3618 168 146021 10.0.1.2:1367 <-> 10.0.220.20:80 54 73813 30 2061 84 75874 10.0.1.2:1344 <-> 10.0.178.11:80 43 57501 29 3622 72 61123 See the man-page for more information: http://www.wireshark.org/docs/man-pages/tshark.html Hope this helps Joke On Sat, 20 Aug 2011 11:11:24 +0530 NITIN GOYAL wrote:
Hi I have a big pcap which i want to convert into pdml format. This pcap have multiple sessions on different ports on a combination of Src and Dst. IP. Like 10.x.x.x [port1] 172.0.0.1 [port y] 10.x.x.x [port2] 172.0.0.1 [port y] 10.x.x.x [port3] 172.0.0.1 [port y] 10.x.x.x [port4] 172.0.0.1 [port y] Now, is there any way, i can get the numbers of ports and their list before i start making the pdml for each port. SO, i can call tshark.exe in a multi-threaded program which call multiple instances of tshark for different ports and i get multiple pdml files for multiple ports simultaneously. Guys, can somebody give my any advice for the things explained above. Thanks Nitin
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Extracting the no. of ports in a pcap NITIN GOYAL (Aug 19)
- Re: Extracting the no. of ports in a pcap j.snelders (Aug 20)