How do I aggregate captured data?
Hey folks,
I'm a Wireshark novice and I'm starting to get to grips with it and look at practical tasks one may face. I'm also a relative novice with Linux, so please excuse me if the question is dumb or obvious.
I've got wireshark running capturing data from an adapter in monitor mode and another adapter in managed mode connected to the network. I have the wireless key set up for my network in wireshark and I have rejoined the network on two other machines. Right now I can see the To/From calls to the router requesting various websites and services on both my other machines.
I want to write a couple of aggregations for example:
1) Count(visits), Website WHERE device IS MyMac
2) Count(requestsToRouter), Device WHERE requestType IS SSL
What is the best way to go about this? I have a background in programming so general advice is welcome, I want to make sure there's not some existing method of doing this before I start scripting something and also make sure I don't write something horribly inefficient if I do.
Thanks!
