Wireshark-users: Re: [Wireshark-users] Good tools for pcap summary info, etc.?

From: Jim Balo <jimbalo22@xxxxxxxxx>
Date: Thu, 25 Sep 2008 11:56:30 -0700 (PDT)

Hi James,
 
I'd like to look at your tool - is it downloadable from somewhere?
 
Thanks,
JB


--- On Thu, 9/25/08, James Talbut <James.Talbut@xxxxxxxxx> wrote:
From: James Talbut <James.Talbut@xxxxxxxxx>
Subject: RE: [Wireshark-users] Good tools for pcap summary info, etc.?
To: jimbalo22@xxxxxxxxx, "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Thursday, September 25, 2008, 10:04 AM

I wrote myself a Python program to take the output from tshark and carry out a
number of operations on it.
I break it down into four end products:
1. Chart of incoming and outgoing bytes per second (calculated per minute).
2. Chart of each of incoming and outgoing bytes per second as a stacked
histogram of protocols.
3. Table of conversations that can be loaded into a spreadsheet to find the big
users.
4. Table of protocols I don't like to see.
 
I tried a load of other tools, but found them all lacking in some way.
 
Jim

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Jim Balo
Sent: Thu 25/09/2008 18:00
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Good tools for pcap summary info, etc.?


Hello,
 
I am capturing all traffic leaving our network in order to determine what
traffic should be allowed and what traffic should be blocked (by egress
filtering).  Last time I did this, it was quite painful and took a long time.  
 
I know there are some built-in tools in Wireshark for displaying summaries of
pcap traffic, but I am interested in finding out what other tools are out there
for analyzing big pcap files and displaying summaries / statistics in various
ways (like end-point communications w/ easy access to whois and/or other details
for each node).  
 
Any help on this would be great!
 
Thanks,
JB
 


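A sketch of the kind of tshark post-processing described in the thread, added here as an example; it is not James Talbut's program, which the thread does not show. The tshark export command in the comment, the 10.0.0.0/8 inside range, the unwanted-protocol list and the sample rows are assumptions or constructed values.

```python
import csv, io, ipaddress
from collections import defaultdict

# Assumed export command (not from the thread):
#   tshark -r egress.pcap -T fields -E separator=, \
#     -e frame.time_epoch -e ip.src -e ip.dst -e frame.len -e _ws.col.Protocol
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the inside address range
UNWANTED = {"TELNET", "FTP", "IRC"}             # assumption: example policy list

# Constructed sample rows, not real capture data.
SAMPLE = """\
1222369200.10,10.0.0.5,192.0.2.10,1500,TCP
1222369201.20,192.0.2.10,10.0.0.5,600,TCP
1222369215.00,10.0.0.7,198.51.100.3,90,TELNET
1222369262.50,10.0.0.5,192.0.2.10,3000,HTTP
1222369263.00,,,60,ARP
"""

def summarize(text, internal=INTERNAL, unwanted=UNWANTED):
    rate = defaultdict(lambda: {"out": 0, "in": 0})   # minute -> bytes per direction
    by_proto = defaultdict(lambda: defaultdict(int))  # minute -> protocol -> bytes
    convs = defaultdict(int)                          # (inside, outside) -> bytes
    flagged = defaultdict(int)                        # (inside, outside, proto) -> packets
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or not row[1] or not row[2]:
            continue                                  # non-IP frames have empty addresses
        ts, src, dst, length, proto = row
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            minute, size = int(float(ts)) // 60 * 60, int(length)
        except ValueError:
            continue                                  # malformed row
        if (s in internal) == (d in internal):
            continue                                  # does not cross the network boundary
        direction = "out" if s in internal else "in"
        inside, outside = (src, dst) if direction == "out" else (dst, src)
        rate[minute][direction] += size
        by_proto[minute][proto] += size
        convs[(inside, outside)] += size
        if proto.upper() in unwanted:
            flagged[(inside, outside, proto)] += 1
    bps = {m: {k: v / 60 for k, v in d.items()} for m, d in rate.items()}
    top = sorted(convs.items(), key=lambda kv: kv[1], reverse=True)
    return bps, {m: dict(p) for m, p in by_proto.items()}, top, dict(flagged)

if __name__ == "__main__":
    bps, by_proto, top, flagged = summarize(SAMPLE)
    for (inside, outside), total in top:              # conversation table as CSV
        print(f"{inside},{outside},{total}")
    print(flagged)
```

The four return values correspond to the four end products listed in the reply: per-minute bytes per second in each direction, the per-protocol breakdown, the conversation table sorted by volume, and the table of unwanted protocols.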