 | 1 | initial version |
Maybe a better, simpler solution is to just run tshark, making use of its statistics options? For example:
tshark -i some_interface -s 64 -q -z conv,ip,"ip.addr==1.2.3.4"
... where 1.2.3.4 is the IP address of a particular server you're interested in. If you have multiple servers, you can just or the filters together, e.g., "ip.addr==1.2.3.4 or ip.addr==2.3.4.5". If you want all conversations, you can omit the filter altogether and post-process if you need to.