5

I've got a huge pcap file (many GBs) that I just can't load in Wireshark. What I need is to extract bandwidth usage information from it, both total and per-protocol (in both incoming and outgoing direction), and possibly graph it in a manager-friendly way.

Essentially, I need something that can process pcap files on the command line, and outputs usage statistics in a format suitable for visualization or usage with tools like rrdtool et al. Any advice welcome.

persson

1 Answer

3

You could try using the command-line version of Wireshark, tshark, to extract the statistics. There are some examples in tshark's man page under -z, e.g. io,stat,0,smb for all SMB packets.

Lars Kotthoff
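One way to turn the `-z io,stat` output suggested in the answer into per-interval CSV for graphing or rrdtool, as an added example that is not part of the original post. The 60-second interval, the `LOCAL_IP` placeholder, the function names and the sample table are assumptions; the table layout is modelled on recent tshark releases, and older versions print a different layout.

```shell
#!/bin/sh
# Assumption: LOCAL_IP is the host whose in/out traffic is measured
# (192.0.2.10 is a documentation placeholder, not from the post).
LOCAL_IP="${LOCAL_IP:-192.0.2.10}"

# -q suppresses per-packet output; each display filter after the
# interval (60 s here) becomes one Frames/Bytes column pair.
# "frame" matches every packet, so column 1 is the total.
pcap_iostat() {
    tshark -r "$1" -q \
        -z "io,stat,60,frame,ip.dst==$LOCAL_IP,ip.src==$LOCAL_IP,smb"
}

# Convert the io,stat table to CSV: interval start, then the Bytes
# value of each column. Only rows like "|  0 <> 60 | ..." are data.
iostat_to_csv() {
    awk -F'|' '
    $2 ~ /^ *[0-9.]+ *<> *([0-9.]+|Dur) *$/ {
        split($2, iv, "<>"); start = iv[1]; gsub(/ /, "", start)
        row = start
        for (i = 4; i < NF; i += 2) {   # $3=Frames, $4=Bytes, ...
            bytes = $i; gsub(/ /, "", bytes)
            row = row "," bytes
        }
        print row
    }'
}

# Constructed sample output (two columns), for trying the parser offline.
sample_iostat() {
    cat <<'EOF'
| Col 1: frame                                 |
|     2: smb                                   |
|----------------------------------------------|
|            |1               |2               |
| Interval   | Frames | Bytes | Frames | Bytes |
|----------------------------------------------|
|   0 <>  60 |    100 | 12345 |     80 | 10000 |
|  60 <> 120 |     20 |  2000 |     15 |  1500 |
EOF
}

# Usage: sh iostat_csv.sh capture.pcap   -> CSV on stdout
if [ "$#" -gt 0 ]; then
    pcap_iostat "$1" | iostat_to_csv
fi
```

With the four filters in `pcap_iostat`, the CSV columns are interval start, total bytes, bytes to `LOCAL_IP`, bytes from `LOCAL_IP`, and SMB bytes.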