This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to obtain continuous updated statistics along the packet capture

0

How can I have the output of

tshark -Y usb -z endpoints,ip
================================================================================
IPv4 Endpoints
Filter:<No Filter>
Packets  | |  Bytes  | | Tx Packets | | Tx Bytes | | Rx Packets |  
172.217.18.110               5314       5425872       3504         5305056        1810         
192.168.1.55                5314       5425872       1810          120816        3504           
192.168.1.9                  1           272          1             272           0                
================================================================================

in a dynamic fashion? This table should be displayed continuously on my terminal and be updated along with the packet capture.

asked 11 Oct '16, 09:16

user31415

edited 11 Oct '16, 09:16

Can you imagine dynamic updates of a list of 10000+ IP addresses? I mean, this is not something you would implement as a generic feature, not only because it would generate a lot of load on the text output subsystem but mainly because the output would be totally impossible to deal with for the human observing it. So if you need such functionality for your particular scenario with fewer IP addresses on the wire than lines in your terminal window, I'd recommend piping the normal output of tshark -T fields -e ip.src -e ip.dst to stdin of your own piece of code (a perl script is enough) which would then do what you want.

(11 Oct '16, 10:13) sindy
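
The approach suggested in the comment above, sketched in Python rather than Perl as an added example (not code from the thread or from the Wireshark project). It assumes `-e frame.len` is added to the field list so byte counts can be kept, and `-l` so tshark flushes each line; the script name and the `SAMPLE` lines are constructed for illustration.

```python
# Usage (file name is hypothetical):
#   tshark -l -T fields -e ip.src -e ip.dst -e frame.len | python3 live_endpoints.py
import sys
import time
from collections import defaultdict

# Constructed sample of tshark field output (documentation addresses, not a real capture).
SAMPLE = [
    "192.0.2.10\t198.51.100.7\t74\n",
    "198.51.100.7\t192.0.2.10\t1514\n",
    "\t\t60\n",                                              # non-IP frame: empty fields
    "192.0.2.1,192.0.2.10\t192.0.2.10,198.51.100.7\t102\n",  # ICMP error: outer,inner header
]

def new_stats():
    """Per-endpoint counters matching the columns of '-z endpoints,ip'."""
    return defaultdict(lambda: {"tx_pkts": 0, "tx_bytes": 0, "rx_pkts": 0, "rx_bytes": 0})

def update(stats, line):
    """Account one 'ip.src<TAB>ip.dst<TAB>frame.len' line; return False if it was skipped."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 3 or not fields[0] or not fields[1] or not fields[2].isdigit():
        return False
    # A field seen twice in one packet is printed comma-joined; keep the outer header.
    src, dst, length = fields[0].split(",")[0], fields[1].split(",")[0], int(fields[2])
    stats[src]["tx_pkts"] += 1
    stats[src]["tx_bytes"] += length
    stats[dst]["rx_pkts"] += 1
    stats[dst]["rx_bytes"] += length
    return True

def render(stats, limit=20):
    """Return the table as text, busiest endpoints first, capped at `limit` rows."""
    fmt = "%-18s %9s %12s %10s %12s %10s %12s"
    out = [fmt % ("Endpoint", "Packets", "Bytes", "Tx Packets", "Tx Bytes", "Rx Packets", "Rx Bytes")]
    rows = sorted(stats.items(), key=lambda kv: kv[1]["tx_bytes"] + kv[1]["rx_bytes"], reverse=True)
    for addr, c in rows[:limit]:
        out.append(fmt % (addr, c["tx_pkts"] + c["rx_pkts"], c["tx_bytes"] + c["rx_bytes"],
                          c["tx_pkts"], c["tx_bytes"], c["rx_pkts"], c["rx_bytes"]))
    return "\n".join(out)

def main():
    stats, last = new_stats(), 0.0
    for line in sys.stdin:
        # Redraw at most once per second so a busy link does not flood the terminal.
        if update(stats, line) and time.monotonic() - last >= 1.0:
            last = time.monotonic()
            sys.stdout.write("\x1b[H\x1b[2J" + render(stats) + "\n")  # ANSI: home + clear
            sys.stdout.flush()
    print(render(stats))  # final totals when the capture ends

if __name__ == "__main__":
    main()
```

The `limit` argument of `render` keeps the table within the terminal height, which addresses the concern about very long endpoint lists.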

One Answer:

1

You could maybe use a tool designed for the job, e.g. ntop or ntopng.

answered 11 Oct '16, 10:24

grahamb ♦