Michael Vanden Bossche wrote:
<I need to have the total number of bytes sent for each IP address source &
<IP address destination and each protocol in a period of 5 minutes (for example).
<After the 5 minutes another 5 minutes of number of bytes is computed and
<recorded, and so on.
<At the end, I have a table of 5 minutes entries with a timestamp, IP address
<source, IP address destination, protocol, number of bytes
<Is this possible with Ethereal?
The non-GUI version of Ethereal that is called tethereal is probably better for this. Tethereal is included in the Ethereal distribution.
If you use tethereal with the "-z io,users,ip" option you will get a printout of the top-talkers during a 5 minute interval, but not divided into different protocols. There are also "-z io,users,tcpip", "-z io,users,udpip" and "-z io,users,eth". For more info see the tethereal man-page.
tethereal -a duration:300 -R "not eth" -z io,users,ip
You could probably use some kind of batch-file/shell-script that captures to a file, prints the time and outputs some statistics, e.g. something like:
-------------------
@Echo Off
echo ====================== >> statfile.txt
:MYREPEAT
tethereal -a duration:300 -w file1.pcap
tethereal -r file1.pcap -R "not eth" -z io,users,ip >> statfile.txt
tethereal -r file1.pcap -R "not eth" -z io,users,tcpip >> statfile.txt
tethereal -r file1.pcap -R "not eth" -z io,users,udpip >> statfile.txt
echo ************************************* >> statfile.txt
GoTo MYREPEAT
-------------------
This way you will miss packets that arrive while calculating the statistics, but maybe that doesn't matter ...
You cannot get the statistics for different protocols, but on different tcp/udp port number combinations.
Another variant could be to use a utility (e.g. tcpslice ??) to extract different 5 minute time-intervals from a long capture
and use the "io,users" statistics for each interval.
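
Added example, not part of the original message and not Ethereal code: the last variant (one long capture split into 5 minute intervals) done in a single pass over the file, producing the table asked for in the question (interval start, source IP, destination IP, protocol, bytes). It assumes a classic libpcap file with Ethernet link type and untagged IPv4 frames; the names bin_pcap and sample_pcap are hypothetical and the sample capture is constructed.

```python
import struct
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers we name

def bin_pcap(data, interval=300):
    """Return Counter {(bin_start, src, dst, proto): bytes} for pcap bytes."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(data):
        ts, _us, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Need Ethernet (14) + minimal IPv4 header (20); skip non-IPv4 frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        proto = PROTO.get(frame[23], str(frame[23]))
        totals[(ts - ts % interval, src, dst, proto)] += wirelen  # bytes on the wire
    return totals

def _frame(src, dst, proto, size):
    """Constructed Ethernet+IPv4 frame padded to `size` bytes (sample data)."""
    ip = bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(5) + bytes([proto]) + bytes(2) + bytes(src) + bytes(dst)
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture: four packets spanning two 5 minute intervals."""
    t0 = 1200000000  # a multiple of 300, so bins start exactly here
    pkts = [(t0 + 10, (10, 0, 0, 1), (10, 0, 0, 2), 6, 100),
            (t0 + 200, (10, 0, 0, 1), (10, 0, 0, 2), 6, 60),
            (t0 + 250, (10, 0, 0, 2), (10, 0, 0, 1), 17, 80),
            (t0 + 400, (10, 0, 0, 1), (10, 0, 0, 2), 6, 200)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, s, d, p, n in pkts:
        out += struct.pack("<IIII", ts, 0, n, n) + _frame(s, d, p, n)
    return out

if __name__ == "__main__":
    for (start, src, dst, proto), n in sorted(bin_pcap(sample_pcap()).items()):
        print(start, src, dst, proto, n)
```

Because the whole capture is binned after the fact, no packets are lost between intervals the way they are in the capture-then-analyse loop.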