tshark -r wlan.pcap -z io,phsĭuring the first pass analysis of the packet, the specified filter (which uses the syntax of read/display filters, rather than that of capture filters) has to be applied. Here we can observe that we have the frames count, size of packets in bytes and the Protocol used for the transmission. Then we will be taking the traffic from the file, and then sort the data into a Protocol Hierarchy. For our demonstration, we first captured some traffic and wrote the contents on a pcap file using the techniques that we learned in part 1 of this article series.
But if a specific filter is provided than the TShark will calculate statistics for those packets that match the filter provided by the user. In the case where no filter is given after the “io,phs” option, the statistics will be calculated for all the packets in the scope. Using the TShark we can create a Protocol based Hierarchy Statistics listing the number of packets and bytes using the “io,phs” option in the “-z” parameter. This gives us an exhaustive list of various supported formats as shown in the image given below. Initially, to learn about all the different options inside the “-z” parameter, we will be running the TShark with the “-z” parameter followed by the help keyword. To accomplish this, we will be using the “-z” parameter with TShark.
TShark collects different types of Statistics and displays their result after finishing the reading of the captured file. We will understand different ways in which we can sort our traffic capture so that we can analyse it faster and effectively. In this part, we will the Statistical Functionalities of TShark.
In the previous article, we learned about the basic functionalities of this wonderful tool called TShark.
0 kommentar(er)
