Handling a month's worth of pcap files and summarizing them is certainly possible, but there could be some serious work to this, and scripting would be a BIG help to provide automation. Look at the stats options available with:

tshark -z

To roll up by IP, something like this produces a simple table:

tshark -q -z endpoints,ip -r <pcap file>
================================================================================
IPv4 Endpoints
Filter:<No Filter>
               |  Packets  ||  Bytes  || Tx Packets || Tx Bytes || Rx Packets || Rx Bytes |
224.0.0.1          1            60           0             0             1        60

or the Wireshark Statistics->Endpoints tool for a capture loaded in the GUI.

However, it's probably best to use a different product; for free/open source have a look at

https://www.ntop.org/products/traffic-analysis/ntop/

This might be good for home use. For professional use/non-free software, you could try something from these guys:

https://www.liveaction.com/products/omnipeek/

Netflow solutions could come into play here too - I am sure there are many other options.
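
As an added example (not part of the original answer), the scripting mentioned above could look like this in Python: run the `tshark -q -z endpoints,ip` command on each capture, parse every table, and sum the counters per IP address. The function names are hypothetical, the sample tables are constructed, and the parser assumes the counters are plain integers in the column order shown in the output above.

```python
import ipaddress
import subprocess
import sys
from collections import defaultdict

FIELDS = ("packets", "bytes", "tx_packets", "tx_bytes", "rx_packets", "rx_bytes")

# Constructed sample tables in the layout shown above (not real captures).
HEADER = ("=" * 80 + "\nIPv4 Endpoints\nFilter:<No Filter>\n"
          "   |  Packets  ||  Bytes  || Tx Packets || Tx Bytes || Rx Packets || Rx Bytes |\n")
SAMPLE_DAY1 = HEADER + (
    "224.0.0.1          1            60           0             0             1        60\n"
    "192.0.2.10        10          1500           6           900             4       600\n")
SAMPLE_DAY2 = HEADER + (
    "192.0.2.10         5           500           2           200             3       300\n"
    "198.51.100.7       2           120           1            60             1        60\n")

def parse_endpoints(text):
    """Yield (ip, counters) for each data row of one 'IPv4 Endpoints' table."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 1 + len(FIELDS):
            continue  # separator, title, filter or header line
        try:
            ip = str(ipaddress.IPv4Address(cols[0]))
            counts = [int(c) for c in cols[1:]]
        except ValueError:
            continue  # seven tokens, but not an address followed by integers
        yield ip, dict(zip(FIELDS, counts))

def rollup(tables):
    """Sum the per-file counters into one total per IP address."""
    totals = defaultdict(lambda: dict.fromkeys(FIELDS, 0))
    for text in tables:
        for ip, counts in parse_endpoints(text):
            for key, value in counts.items():
                totals[ip][key] += value
    return dict(totals)

def run_tshark(pcap):
    cmd = ["tshark", "-q", "-z", "endpoints,ip", "-r", pcap]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # With no pcap arguments, fall back to the constructed samples.
    tables = [run_tshark(p) for p in sys.argv[1:]] or [SAMPLE_DAY1, SAMPLE_DAY2]
    ranked = sorted(rollup(tables).items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    for ip, c in ranked:
        print(f"{ip:<15} {c['packets']:>10} {c['bytes']:>12}")
```

Pass the month's capture files as arguments to get one table sorted by total bytes.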