I discovered that I can get a lot of statistic data from tshark when I use for example:
tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng"-z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"
(the amount of encrypted data transferred through SSL )
But my question is how I can show in tshark in a statistic view values as:
Decrypted SSL bytes Uncompressed entity body http.file_data size
and similar that I can see in Wireshark UI precisely in bytes.
Is there a reasonable way?
Thank You