Ethereal-users: Re: [Ethereal-users] Saving Statistics to a File

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Thu, 6 May 2004 06:28:24 +0200
 
Chris Bradt wrote:
<Is there a way to save the statistics data to a file? For example,
<I'm looking at a list of IPv4 conversations generated by doing
<Statistics - Conversation List - IPv4. Great info but I'd like to
<be able to save it off for further/later analysis.
 
 
It is currently not possible to do that from Ethereal, but you can use Tethereal, the command line version
of Ethereal, to produce a similar output as in the conversation list.
Tethereal is included in the Ethereal distribution.
 
 
 

-z conv,type[,filter]

Create a table that lists all conversations that could be seen in the capture. type specifies which type of conversation we want to generate the statistics for, currently the supported ones are ``eth'' Ethernet ``fc'' Fibre Channel ``fddi'' FDDI ``ip'' IP addresses ``ipx'' IPX addresses ``tcp'' TCP/IP socketpairs Both IPv4 and IPv6 are supported ``tr'' TokenRing ``udp'' UDP/IP socketpairs Both IPv4 and IPv6 are supported

If the optional filter string is specified, only those packets that match the filter will be used in the calculations.

The table is presented with one line for each conversation and displays number of frames/bytes in each direction as well as total number of frames/bytes. The table is sorted according to total number of bytes.

 

You can try with something like

<tethereal -r infile.cap -R "eth and !eth" -z conv,ip  > statistic_result.txt

The <<<-R "eth and !eth">>> option I use in the above example is to get just the conversation printout without printing out all the frames .

No frames should match that condition, so just the conversation printout is displayed.

 

It may be good to prepare a batch-script that takes the input file name and runs Tethereal with the options you want and maybe also does

all or some of the prost-processing of the file.

 

<my_statistics infile.cap

    Generating IPv4 conversation printout with tethereal for the file "infile.cap" to file "ip4stat.log"

    173 ip conversations found

    The formatted information is available in file "infile.cap_ip4stat.csv" ready to be loaded into spreadsheet program