This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark equivalent to endpoints Gui window

0

I'm interested in finding out how to produce an endpoints graph via Tshark that is essentially equivalent to the IPv4 endpoints window with no filter?

Joke, I'm specifically looking for something that isn't conversation specific, but host specific like the Wireshark IPv4 endpoints window... I've already been down the conversations road and it is too finely grained; I just need summarizations for each IPv4 endpoint only.

asked 17 Feb '12, 11:46

kipswederman's gravatar image

kipswederman
1112
accept rate: 0%

edited 20 Feb '12, 12:34

I don't think there's anything directly equivalent, but it can be done with scripting. What OS are you using?

(18 Feb '12, 07:03) grahamb ♦

You can use TShark statistics to get an overview of the conversations.
$ tshark -r test.pcap -q -z conv,eth -z conv,ip -z conv,tcp
Please take a look at this question or other questions tagged with statistics.

(18 Feb '12, 08:11) joke

You still haven't stated what OS you are using, as your requirement can be met with scripting. If you are using Windows, I can post a PowerShell script that should do what you want.

(20 Feb '12, 14:39) grahamb ♦

Mr. Graham, while I appreciate your assistance, I've already scripted my way to a solution for this dataset. Unfortunately, the added overhead of the scripting process is too slow, so I'm looking for a native T-Shark solution here. I do thank your for being willing to help though!

(22 Feb '12, 11:11) kipswederman