Wireshark-users: Re: [Wireshark-users] tshark session/flow logging

From: "j.snelders" <j.snelders@xxxxxxxxxx>
Date: Wed, 10 Mar 2010 22:07:27 +0100
Hi,

Looking for this?

tshark -r test.pcap -q -z conv,tcp
tshark -r test.pcap -q -z conv,eth -z conv,ip -z conv,tcp

$ tshark -r test2.pcap -q -z conv,tcp
================================================================================
TCP Conversations
Filter:<No Filter>
                                               |       <-      | |      
->      | |     Total     |

                                               | Frames  Bytes | | Frames
 Bytes | | Frames  Bytes |

192.168.1.2:49808    <-> 74.125.77.104:80          15     16384      11 
    2069      26     18453
192.168.1.2:49806    <-> 74.125.77.104:80          13     15417      11 
    2170      24     17587
192.168.1.2:49807    <-> 168.143.162.59:80          6       957       6 
     826      12      1783
192.168.1.2:49809    <-> 66.102.13.102:80           3       326       4 
     832       7      1158
================================================================================

HTH
Joan


On Wed, 10 Mar 2010 07:38:01 +0000 Salman Malik wrote:
>
>Hello
>
>If I have a captured trace of some traffic. Is it possible for me to get
>statistics of each flow (identified by a src/dst IP and src/dst port) using
>tshark ? Also I have got "IP over IP traffic" or more specifically GPRS
traffic
>(at GN interface) , how can the headers beneath GTP headers be analysed
statistically
>?