Handling a month's worth of pcap files and summarizing them is certainly possible but there could be some serious work to this and scripting would be a BIG help to provide automation. Look at the stats options available with
tshark -z
To roll up by IP, something like this produces a simple table:
tshark -q -z endpoints,ip -r <pcap file>
================================================================================
IPv4 Endpoints
Filter:<No Filter>
                       |  Packets  | |  Bytes  | | Tx Packets | | Tx Bytes | | Rx Packets | | Rx Bytes |
224.0.0.1                      1            60          0               0          1              60
or the Wireshark Statistics->Endpoints tool for a capture loaded in the GUI.
However, it's probably best to use a different product; for free/open source have a look at
https://www.ntop.org/products/traffic-analysis/ntop/
This might be good for home use. For professional use/non-free software, you could try something from these guys:
https://www.liveaction.com/products/omnipeek/
Netflow solutions could come into play here too - I am sure there are many other options.