On 8/9/2010 11:25 AM, Sake Blok wrote:
> Have a look at the presentation I gave at Sharkfest'10, it shows you how you can accomplish something quite similar with Tshark and some (minor) scripting. You should be able to change the commands to your needs.
> http://www.cacetech.com/sharkfest.10/A-6_Blok%20HANDS-ON%20LAB%20-%20Using%20Wireshark%20Command%20Line%20Tools%20and%20Scripting.zip
Question: in the wonderful example in that paper for finding the top 10
requested URLs, with this formula:
    tshark -r example.cap -R http.request -T fields -e http.host -e http.request.uri |
      sed -e 's/?.*$//' |
      sed -e 's#^\(.*\)\t\(.*\)$#http://\1\2#' |
      sort | uniq -c | sort -rn | head
Where does one set the top "10"? How would I change that to, say, top
"20" or whatever? Or does uniq -c always just produce the top 10?
Thank you.