
How do I extract the individual flows from the total packets in a pcap file?

Hello all,

I would like to do some calculations on the network flows by using the packet fields to calculate values such as the variance of payload packet length for a time interval, the number of packets exchanged for a time interval, and so on, like in this paper: http://www.jatit.org/volumes/Vol67No2/2Vol67No2.pdf

I understand that a flow is a series of packets sharing the same characteristics, such as Src.address, Src.port, Dest.address, and Dest.port. Right now I can extract packet fields to a CSV file using tshark; however, it is for all packets instead of a flow. How can I extract the information such that I have the individual flows instead of the individual packets, so that I can perform calculations on it?

Thank you so much for your time.
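
Added example, not part of the original post: one way to group a tshark CSV export into bidirectional flows and compute, per flow and per time window, the packet count and payload-length variance the question mentions. The CSV rows are constructed and the function names are hypothetical; restricting to TCP, measuring windows from the first packet, and using population variance are assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample rows, in the shape produced by:
#   tshark -r capture.pcap -Y tcp -T fields -E header=y -E separator=, \
#     -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.len
SAMPLE_CSV = """frame.time_epoch,ip.src,tcp.srcport,ip.dst,tcp.dstport,tcp.len
100.10,10.0.0.5,40000,192.0.2.10,80,0
100.20,192.0.2.10,80,10.0.0.5,40000,0
100.90,10.0.0.5,40000,192.0.2.10,80,120
101.30,192.0.2.10,80,10.0.0.5,40000,1400
101.40,192.0.2.10,80,10.0.0.5,40000,600
100.50,10.0.0.7,51000,192.0.2.53,443,200
"""

def flow_key(row):
    """Direction-independent key: both directions of a connection map to one flow."""
    a = (row["ip.src"], int(row["tcp.srcport"]))
    b = (row["ip.dst"], int(row["tcp.dstport"]))
    return tuple(sorted((a, b)))

def flow_features(csv_text, interval=1.0):
    """Return {(flow_key, window_index): {"packets": n, "payload_var": v}}."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if not rows:
        return {}
    t0 = min(float(r["frame.time_epoch"]) for r in rows)  # windows start at first packet
    buckets = defaultdict(list)
    for r in rows:
        if not r["tcp.srcport"]:  # non-TCP row: tshark leaves the port columns empty
            continue
        window = int((float(r["frame.time_epoch"]) - t0) // interval)
        buckets[(flow_key(r), window)].append(int(r["tcp.len"] or 0))
    return {
        key: {"packets": len(lens), "payload_var": statistics.pvariance(lens)}
        for key, lens in buckets.items()
    }

if __name__ == "__main__":
    for (flow, window), feats in sorted(flow_features(SAMPLE_CSV).items()):
        print(flow, "window", window, feats)
```

Sorting the two endpoints makes request and response packets land in the same flow; drop the `sorted` call to treat each direction as its own flow.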