Ask Your Question
0

Bytes as Mb in output result

asked 2020-07-02 20:02:20 +0000

updated 2020-07-03 08:10:42 +0000

grahamb gravatar image

Hi experts, i was trying to add the best title but is hard to explain in a few letters.

My question is about the wireshark output result as JSON, i was trying to do it but sadly the size is more than 1GB so i send it as txt with the following command:

tshark -r file_from_wireshark.pcapng
-q -z conv,ip > output.txt

output.txt:

IPv4 Conversations
Filter:<No Filter>
                                     |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                     | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
pageRandom <-> host.testing.internal   62393  89805838   29608   1787542   92001  91593380     0.000000000
  1. Is there anyway to get only total bytes: 89805838 ??
  2. is there an option to change it to MB instead of bytes?
  3. Is there any way to get this as JSON, just with the information generated as txt?

thank you so much before hand

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-07-06 22:46:30 +0000

cmaynard gravatar image

You've asked 3 questions instead of just 1; I can provide an answer to 2 of them.

  1. Yes, you can grab the total bytes, but you will need other tools to do so, for example:

    tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | awk '{print $9}'
    
  2. You can convert the result to MB instead of bytes, but not with any tshark option I'm aware of. Again you can use external tools to massage the result as needed, for example:

    tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | grep -F "<->" | awk '{ mbyte = $9/1000/1000; print mbyte " MB" }'
    

    Or if you prefer the result in mebibytes instead of megabytes:

    tshark -r file_from_wireshark.pcapng -q -z conv,ip 2> /dev/null | grep -F "<->" | awk '{ mbyte = $9/1024/1024; print mbyte " MiB" }'
    
  3. I don't know how to convert this output to JSON, and I'm not even sure exactly what you want the output format to look like. Probably the data can be transmogrified into JSON with these or other external tools though, but I'll leave the answer to this one for someone else.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-07-02 20:02:20 +0000

Seen: 70 times

Last updated: Jul 06