How can I get a statistic of data size different than size of frame in tshark?

asked 2018-02-10 01:30:22 +0000

dibi gravatar image

updated 2018-02-10 01:32:45 +0000

I discovered that I can get a lot of statistic data from tshark when I use for example:

tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng" -z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"

(the amount of encrypted data transferred through SSL )

But my question is how I can show in tshark in a statistic view values as:

Decrypted SSL bytes, Uncompressed entity body, http.file_data size

and similar that I can see in Wireshark UI precisely in bytes.

Is there a reasonable way?

Thank You

edit retag flag offensive close merge delete