How can I get the flow count from a pcap file ?

asked 2020-05-13 18:06:08 +0000

salwa1215
1 ●3 ●11 ●9

I have a basic question please. I want to know how can get the flows count from a pcap file please ? I got the packets count by doing staticstics --> file properties but I need to know the flows count and if it is possible some statistics per flows

edit retag flag offensive close merge delete

Comments

Can you define what a "flow" is?

Chuckc ( 2020-05-13 18:14:40 +0000 )edit

flow is all packets belonging to this quintuplet (src ip, dest ip, src port, dest port, protocol)

salwa1215 ( 2020-05-14 12:32:30 +0000 )edit

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-05-13 22:02:35 +0000

Jaap

13730 ●684 ●115

Probably the Conversations in the Statistics menu should give you a pretty good insight.

edit flag offensive delete link

Comments

Can also get with tshark:

$ tshark -r ./ultpcap2.pcapng -q -z conv,tcp > tcp.conv
$ tshark -r ./ultpcap2.pcapng -q -z conv,udp > udp.conv

Chuckc ( 2020-05-14 14:32:33 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-05-13 18:06:08 +0000

Seen: 1,755 times

Last updated: May 13 '20

How can I get the flow count from a pcap file ? edit

Comments

1 Answer

Comments