PCAP is not well suited to what you describe. Most people use Sflow/Cflow/... instead.
Owen

On Feb 23, 2012, at 12:19 PM, Maverick wrote:

> I want to be able to see information like how much traffic an IP sends
> over a period of time, what machines it talked to, etc. From this
> perspective it should be IP based, but I would really like to know how
> other people do it.
>
> Best,
> Ali
>
> On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jer...@unfix.org> wrote:
>> On 2012-02-23 21:11 , Maverick wrote:
>>> Hello,
>>>
>>> I am trying to collect traffic from a pcap file and store it in
>>> a database but am really confused about how to organize it. Should I
>>> organize it on a connection basis/flow basis or an IP basis?
>>>
>>> It might be an effort to write a customized traffic analysis tool like
>>> wireshark with only the required functionality. I would really appreciate
>>> it if someone could give me direction on the right way of organizing the
>>> data, because right now I only see individual packets and no way of
>>> putting them in some order.
>>
>> Does this all not completely depend on what you actually want to do with
>> it? You might want to start there instead of the other way around.
>>
>> Greets,
>> Jeroen
>>
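
Added example, not part of any message in this thread: one way to organize decoded packets as flow records (one row per unidirectional 5-tuple) in a database, so that the per-IP questions asked above become queries over flows. The sample packets, table layout and function names are constructed for illustration.

```python
import sqlite3
from collections import defaultdict

# Constructed sample packets, as decoded from a capture:
# (timestamp, src, dst, proto, sport, dport, ip_bytes)
PACKETS = [
    (100.0, "10.0.0.5", "192.0.2.10", 6, 40000, 443, 600),
    (100.2, "192.0.2.10", "10.0.0.5", 6, 443, 40000, 1500),
    (101.0, "10.0.0.5", "192.0.2.10", 6, 40000, 443, 400),
    (130.0, "10.0.0.5", "198.51.100.7", 17, 5353, 53, 80),
    (400.0, "10.0.0.5", "203.0.113.9", 6, 40001, 80, 700),
]

def load_flows(packets):
    """Fold packets into one row per unidirectional 5-tuple."""
    agg = defaultdict(lambda: [float("inf"), float("-inf"), 0, 0])
    for ts, src, dst, proto, sport, dport, size in packets:
        f = agg[(src, dst, proto, sport, dport)]
        f[0], f[1] = min(f[0], ts), max(f[1], ts)  # first_seen, last_seen
        f[2] += 1                                   # packet count
        f[3] += size                                # byte count
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE flows (
        src TEXT, dst TEXT, proto INTEGER, sport INTEGER, dport INTEGER,
        first_seen REAL, last_seen REAL, packets INTEGER, bytes INTEGER,
        PRIMARY KEY (src, dst, proto, sport, dport))""")
    db.executemany("INSERT INTO flows VALUES (?,?,?,?,?,?,?,?,?)",
                   [key + tuple(val) for key, val in agg.items()])
    return db

def bytes_sent(db, ip, start, end):
    """Bytes sent by ip, counting whole flows that overlap [start, end]."""
    return db.execute(
        "SELECT COALESCE(SUM(bytes), 0) FROM flows "
        "WHERE src = ? AND last_seen >= ? AND first_seen <= ?",
        (ip, start, end)).fetchone()[0]

def peers(db, ip):
    """Every address ip exchanged traffic with, in either direction."""
    rows = db.execute(
        "SELECT dst FROM flows WHERE src = ? UNION "
        "SELECT src FROM flows WHERE dst = ? ORDER BY 1", (ip, ip))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = load_flows(PACKETS)
    print(bytes_sent(db, "10.0.0.5", 0, 200), peers(db, "10.0.0.5"))
```

Time-window totals here are at flow granularity: a flow that straddles the window boundary is counted in full.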