How can I reconstruct session from pcap file?

Question

I am trying to extract session level (flow level) information from my pcap trace file.

I want to generate the following data for each line of session (flow):

 Flow_num, IP_Src, IP_Dst, Flow_start_time, Flow_Duration, Flow_type (video/image/text/...), Protocol, Flow_size

Answer 1

Use tcpdump to display pcap file then use a script to filter/calculate the output. Check out this link about tcpdump and pcap.