Ask Your Question
0

How can I get the flow count from a pcap file ?

asked 2020-05-13 18:06:08 +0000

salwa1215 gravatar image

I have a basic question please. I want to know how can get the flows count from a pcap file please ? I got the packets count by doing staticstics --> file properties but I need to know the flows count and if it is possible some statistics per flows

edit retag flag offensive close merge delete

Comments

Can you define what a "flow" is?

Chuckc gravatar imageChuckc ( 2020-05-13 18:14:40 +0000 )edit

flow is all packets belonging to this quintuplet (src ip, dest ip, src port, dest port, protocol)

salwa1215 gravatar imagesalwa1215 ( 2020-05-14 12:32:30 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-05-13 22:02:35 +0000

Jaap gravatar image

Probably the Conversations in the Statistics menu should give you a pretty good insight.

edit flag offensive delete link more

Comments

Can also get with tshark:

$ tshark -r ./ultpcap2.pcapng -q -z conv,tcp > tcp.conv
$ tshark -r ./ultpcap2.pcapng -q -z conv,udp > udp.conv
Chuckc gravatar imageChuckc ( 2020-05-14 14:32:33 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-05-13 18:06:08 +0000

Seen: 2,030 times

Last updated: May 13 '20

Related questions

How do Wireshark resolve addresses

How do I extract the individual flows from the total packets in a pcap file?

do follow->udp stream work correctly?

Delay in GOOSE Subscription

Capture incoming packets from remote web server

How to set packet metadata in realtime?

What is the syntax for wireshark custom column

Monitor device

Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets

What is wrong with my internets?!