Wireshark mailing list archives
tshark - compare src and dst counts for an IP address.
From: Gary Taylor <squeaky () SDF ORG>
Date: Fri, 10 Jul 2015 13:35:15 -0700
I've got .pcap files that I use to verify traffic is bi-directional. I currently use tshark and do something like

    ./tshark -r capture.pcap ip.src == 192.168.1.1 | wc -l
    ./tshark -r capture.pcap ip.dst == 192.168.1.1 | wc -l

and compare the number of lines returned. As long as they're close I'm happy.

Is there a smarter method to compare IP "request/responses"? I don't need to have exact data. Just want to make sure the numbers are "close". I'd like to do it in one pass because the pcap files get rather large and can take a while to go through.

Thanks,
Gary

--
squeaky () sdf lonestar org
SDF Public Access UNIX System - http://sdf.lonestar.org
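A one-pass version of the comparison described in the message above, as an added example that is not part of the original post or of any reply in the thread. The helper names count_directions, within_tolerance and sample_fields are hypothetical, and the sample lines are constructed; only the tshark options shown in the trailing comment touch a real capture.

```shell
#!/bin/sh
# Added example: count packets from and to one address in a single read.

# Read "src<TAB>dst" lines on stdin (tshark -T fields output) and print
# "<packets from ip> <packets to ip>" for the address given as $1.
count_directions() {
    awk -F '\t' -v ip="$1" '
        $1 == ip { from++ }
        $2 == ip { to++ }
        END { printf "%d %d\n", from, to }
    '
}

# Succeed when counts $1 and $2 differ by at most $3 percent of the larger.
# Fails when both are zero, since that capture shows no traffic at all.
within_tolerance() {
    awk -v a="$1" -v b="$2" -v pct="$3" 'BEGIN {
        hi = (a > b) ? a : b
        lo = (a > b) ? b : a
        if (hi == 0) exit 1
        if ((hi - lo) * 100 <= pct * hi) exit 0
        exit 1
    }'
}

# Constructed sample of the field output, for trying the helpers offline.
sample_fields() {
    printf '192.168.1.1\t10.0.0.5\n'
    printf '10.0.0.5\t192.168.1.1\n'
    printf '192.168.1.1\t10.0.0.5\n'
    printf '10.0.0.9\t10.0.0.5\n'
}

# Against a real capture, the file is read once. occurrence=f keeps only the
# outer IP header when a packet carries more than one (tunnels, ICMP errors):
#   tshark -r capture.pcap -Y 'ip.addr == 192.168.1.1' \
#          -T fields -E occurrence=f -e ip.src -e ip.dst |
#       count_directions 192.168.1.1
```

The two numbers printed by count_directions can be passed to within_tolerance with a percentage, for example `within_tolerance 2 1 10`, to turn "close" into a pass/fail exit status.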