Trying to Combine fields and Stats in an Output File with Tshark
I am currently trying to extract network features using Tshark and have been able to extract basic features with -T -e command and am able to calculate useful statistics using -z,io,stats. But I am looking for a way to extract them in the same output file.
I have two commands
tshark -r packet1.pcap -z io,stat,1,SUM(frame.len)frame.len -q > test.csv
and
tshark -r packet1.pcap -T fields -e ip.proto -e ip.flags -e frame.len -E header=y -E separator=, -E quote=d > test.csv
Is there any way to combine them to so I can get an output file with the IP protocol, Ip flag, frame length, and the average frame length for that interval?
Thank you
Is it "average frame length" or
SUM(frame.len)frame.len?Do you want the statistic lines interspersed with the packet lines showing the fields?
If the command lines are combined the output is packets then statistics at the end.
That could be post processed with a script or it could be done on the front end by processing the pcap in one second chunks.