This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

python extraction of flow statistics of a pcap file

0

hello all i must use some features of all log-data of a adsl router traffic with various users (features like max-min-median length packet in forward or backward flow). after saving traffic with wireshark in pcap or pcapng format, how can i calculate or use this features from a pcap file and use them in a python program??

asked 14 Oct '17, 12:24

MohammadE's gravatar image

MohammadE
1111
accept rate: 0%


One Answer:

0

If you have file1.pcap to process, you can use tshark -T fields -e frame.len -Eseparator=/t -r file1.pcap >file1_out.tab to get the length of each frame in a tab-delimited format for processing via stats library in python or other languages.

the -e option can take any wireshark display filter so you can add additional info if needed (e.g. ip src/dst, tcp src/dst, frame number)

If you want to do all of the processing within python, look into pylibpcap or other pcap-related libraries.

answered 18 Oct '17, 07:47

CMH_Tim's gravatar image

CMH_Tim
11226
accept rate: 0%

edited 18 Oct '17, 07:50