Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2020-06-19 18:21:34 +0000

Amgonz gravatar image

Trying to Combine fields and Stats in an Output File with Tshark

I am currently trying to extract network features using Tshark and have been able to extract basic features with -T -e command and am able to calculate useful statistics using -z,io,stats. But I am looking for a way to extract them in the same output file.

I have two commands

tshark -r packet1.pcap -z io,stat,1,SUM(frame.len)frame.len -q > test.csv

and

tshark -r packet1.pcap -T fields -e ip.proto -e ip.flags -e frame.len -E header=y -E separator=, -E quote=d > test.csv

Ts there any way to combine them to so I can get an output file with the IP protocol, Ip flag, frame length, and the average frame length for that interval?

Thank you

Trying to Combine fields and Stats in an Output File with Tshark

I am currently trying to extract network features using Tshark and have been able to extract basic features with -T -e command and am able to calculate useful statistics using -z,io,stats. But I am looking for a way to extract them in the same output file.

I have two commands

tshark -r packet1.pcap -z io,stat,1,SUM(frame.len)frame.len -q > test.csv

and

tshark -r packet1.pcap -T fields -e ip.proto -e ip.flags -e frame.len -E header=y -E separator=, -E quote=d > test.csv

Ts Is there any way to combine them to so I can get an output file with the IP protocol, Ip flag, frame length, and the average frame length for that interval?

Thank you