Hi,
Check this out:
$ tshark -r <infile> -q -z sip,stat
-r to define the capture file to read
-q be quite, as in don't show packet details
-z sip,stat is where the magic comes from
Or to get a raw number (on U*IX):
$ tshark -r <infile> -R sip | wc -l
- r to define the capture file to read
- R to filter out the SIP packets
- wc -l to count the lines, assuming 1 packet = 1 line
Thanks,
Jaap
On Fri, 2 Sep 2011 10:07:54 +0200, Evanghelos Papaioannu wrote:
Hi all,
i'm new to tshark (yes, command line!) and I really can't understand
how
to count how many SIP packets are inside a cap file (snoop from
solaris
machine).
I tried many ways but it just printed all the packets.
Can you please give any advice?
Thanks,
Evan