Revision history

initial version

How can I get a statistic of data size different than size of frame in tshark?

I discovered that I can get a lot of statistic data from tshark when I use for example:

tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng"-z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"

(the amount of encrypted data transferred through SSL)

But my question is how I can show in tshark in a statistic view values as:

Decrypted SSL bytes Uncompressed entity body http.file_data size

and similar that I can see in Wireshark UI precisely in bytes.

Is there a reasonable way?

Thank You

How can I get a statistic of data size different than size of frame in tshark?

I discovered that I can get a lot of statistic data from tshark when I use for example:

tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng" -z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"

(the amount of encrypted data transferred through SSL)

But my question is how I can show in tshark in a statistic view values as:

Decrypted SSL bytes Uncompressed entity body http.file_data size

and similar that I can see in Wireshark UI precisely in bytes.

Is there a reasonable way?

Thank You

How can I get a statistic of data size different than size of frame in tshark?

I discovered that I can get a lot of statistic data from tshark when I use for example:

tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng" -z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"

(the amount of encrypted data transferred through SSL)

But my question is how I can show in tshark in a statistic view values as:

Decrypted SSL bytes, Uncompressed entity body, http.file_data size

and similar that I can see in Wireshark UI precisely in bytes.

Is there a reasonable way?

Thank You