This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark get rtp stream statistics in realtime

0

I need to get statistics on sip streams for a large test. I have 2 sipp generators one sender and one receiver, the receiver has the switch port mirrored to another machine used for analysis. For now on the "analyzer" I am saving data to a file:

tshark "host 1.1.1.1 and host 2.2.2.2" -i3 -w test_calls.pcap #(no other filters needed as this is only sip traffic, streams)

After this i analyze the pcap file:

tshark -r test_calls.pcap -qz rtp,streams

All is good and showing ok but on capture after a few minutes I have a few GB of data in the file, as I make cycles of 1000 2 minutes calls with 30 sec pause between cycles. Is there a way to get statistics with no saving to disk, I mean after a call ended show statistics and forget the data because I need to make some tests for 4-8 hours. Something like this:

tshark "host 1.1.1.1 and host 2.2.2.2" -i3 -qz rtp,streams (not a working command)

asked 17 Nov '16, 03:32

rift85's gravatar image

rift85
6113
accept rate: 0%


2 Answers:

1

Use dumpcap to capture the traffic with multiple files, e.g. the -b option, then using scripting to detect a new file and run tshark over that file to get the stats.

The tricky bit will be arranging the file capture and call to overlap so a complete call is contained within each capture file, you have options for duration and file size to limit a capture file.

Running tshark for long periods with high-volume data runs the risk of the tshark process running out of memory due to the state that's maintained.

answered 17 Nov '16, 03:46

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

1

As you say you generate calls in "campaigns" clearly bordered in time, you can synchronize individual runs of tshark with those campaigns, can't you? That way, you wouldn't need to save the data to disk at all, just redirect the statistics output of tshark to a text file.

Trouble would begin if the memory of the capturing machine would be insufficient to handle the complete campaign, but that does not seem to be your case currently.

answered 17 Nov '16, 05:02

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%