Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2021-03-10 18:18:10 +0000

masonke gravatar image

You need to use tshark to export data over time. Check out https://www.wireshark.org/docs/man-pages/tshark.html for details on the -z options. Here is what I use to show bits/bytes/etc over time. i have yet to figure out how to make this export as csv, but, you can always do some sed and awk to clean it up.

tshark -r <somefile.pcapng> -q -z io,stat,1,"BYTES()ip.src == 10.10.10.10"

=======================================
| IO Statistics                       |
|                                     |
| Duration: 966.762773 secs           |
| Interval:   1 secs                  |
|                                     |
| Col 1: BYTES()ip.src == 10.10.10.10 |
|-------------------------------------|
|            |1         |             |
| Interval   |   BYTES  |             |
|-----------------------|             |
|   0 <>   1 |     1413 |             |
|   1 <>   2 |   261714 |             |
|   2 <>   3 |        0 |             |
|   3 <>   4 |        0 |             |
|   4 <>   5 |        0 |             |
|   5 <>   6 |        0 |             |
|   6 <>   7 |     1417 |             |

etc.....