How can I get a statistic of data size different than size of frame in tshark?
I discovered that I can get a lot of statistic data from tshark when I use for example:
tshark -2 -R "ip.addr == 1.1.1.1" -o ssl.keylog_file:"sslkeylogfile" -r "capture.pcapng" -z io,stat,3600,"SUM(ssl.record.length)ssl.record.length and ssl.record.content_type == 23"
(the amount of encrypted data transferred through SSL )
But my question is how I can show in tshark in a statistic view values as:
Decrypted SSL bytes, Uncompressed entity body, http.file_data size
and similar that I can see in Wireshark UI precisely in bytes.
Is there a reasonable way?
Thank You
add a comment