 | 1 | initial version |
You've asked 3 questions instead of just 1; I can provide an answer to 2 of them.
Yes, you can grab the total bytes, but you will need other tools to do so, for example:
tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | awk '{print $9}'
You can convert the result to MB instead of bytes, but not with any tshark option I'm aware of. Again you can use external tools to massage the result as needed, for example:
tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | grep -F "<->" | awk '{ mbyte = $9/1000/1000; print mbyte " MB" }'
Or if you prefer the result in mebibytes instead of megabytes:
tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | grep -F "<->" | awk '{ mbyte = $9/1024/1024; print mbyte " MiB" }'
I don't know how to convert this output to JSON, and I'm not even sure exactly what you want the output format to look like. Probably the data can be transmogrified into JSON with these or other external tools though, but I'll leave the answer to this one for someone else.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.