Retrieving Duration Using Tshark.

asked 2020-06-17 21:03:45 +0000

Amgonz
1 ●1

For a project I am working on I am trying to extract network features with Tshark and export the features as a .csv file to then use in python.

One of the features I am trying to get is duration I can find duration using the Wireshark application by going into statistics then conversations, however, I am unable to find the commands to find and export the feature using Tshark.

Can anyone help me out?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-06-17 21:17:54 +0000

Chuckc
2858 ●5 ●567 ●19

updated 2020-06-17 21:22:37 +0000

Some/most of the Statistics are available with -z options.
Check the tshark man page

$ tshark -r ./output.pcap  -z conv,ip -q | head -6
================================================================================
IPv4 Conversations
Filter:<No Filter>
             |      <-      | |      ->      | |    Total    |   Relative   |  Duration |
             | Frames  Bytes| | Frames  Bytes| |Frames  Bytes|      Start   |           |
192.168.200.204<->239.255.255.250
                 0       0        40    25674    40     25674  0.000000000      0.1089

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-06-17 21:03:45 +0000

Seen: 499 times

Last updated: Jun 17 '20

Retrieving Duration Using Tshark. edit

1 Answer