On 08/10/2012 10:06 PM, JP wrote:
Hi Everyone,

How do I get a summary analysis of a PCAP file?

What I want is the number of packets, the number of dropped packets, the number
of duplicate packets, etc., without the individual packet details listed.


capinfos can give you some basic info about the capture.

$ capinfos test.pcap
File name:           test.pcap
File type:           Wireshark/tcpdump/... - libpcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   2778
File size:           728660 bytes
Data size:           684188 bytes
Capture duration:    1118 seconds
Start time:          Sun Aug  5 22:46:49 2012
End time:            Sun Aug  5 23:05:27 2012
Data byte rate:      611.81 bytes/sec
Data bit rate:       4894.50 bits/sec
Average packet size: 246.29 bytes
Average packet rate: 2.48 packets/sec
SHA1:                a2b54c1bbfaabfc5849c427a85ccb48a9fd8c338
RIPEMD160:           7b23d4483fa5cc3eb833d40408112adca00812b6
MD5:                 42123fae77f784ea901bb5931003634c
Strict time order:   True

However, dropped-packet statistics are not saved in tcpdump 2.4 captures. Such info can only be obtained at the end of a capture operation, with netsniff-ng for instance.

sudo ./netsniff-ng --in wlan0 --out test.pcap --silent
[...]

         926  frames incoming
         926  frames passed filter
           0  frames failed filter (out of space)
      0.0000% frame droprate
          10  sec, 708918 usec in total

Cheers,

Emmanuel

Thanks in advance; so far you have been awesome!

-John
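
The counters asked about above can be computed straight from the record headers of a classic pcap file. This is an added example, not part of the original thread and not netsniff-ng or capinfos code; the function names, the constructed sample capture, and the definition of a duplicate as a byte-identical frame anywhere in the file are assumptions. As the reply notes, the file carries no drop counter, so none is reported.

```python
import hashlib
import io
import struct

# Classic libpcap magic bytes -> (struct byte order, timestamp ticks per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def summarize_pcap(stream):
    """Summarize a classic pcap stream without listing individual packets."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic libpcap capture")
    order, ticks = MAGICS[header[:4]]
    major, minor, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", header[4:])
    out = {"version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype,
           "packets": 0, "captured_bytes": 0, "duplicates": 0,
           "strict_time_order": True, "incomplete_tail": False}
    seen, prev, lo, hi = set(), None, float("inf"), 0
    while rec := stream.read(16):
        if len(rec) < 16:
            out["incomplete_tail"] = True      # file ends inside a record header
            break
        sec, frac, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            out["incomplete_tail"] = True      # file ends inside packet data
            break
        ts = sec * ticks + frac                # integer timestamp, no float rounding
        out["strict_time_order"] &= prev is None or ts >= prev
        prev = ts
        lo, hi = min(lo, ts), max(hi, ts)      # duration spans earliest to latest stamp
        digest = hashlib.sha256(data).digest()
        out["duplicates"] += digest in seen    # assumption: duplicate = byte-identical frame
        seen.add(digest)
        out["packets"] += 1
        out["captured_bytes"] += incl_len
    out["duration_sec"] = (hi - lo) / ticks if out["packets"] else 0.0
    return out

def constructed_sample():
    """Constructed 4-packet capture: one duplicate frame, one out-of-order timestamp."""
    frames = [(100, 0, b"A" * 60), (101, 500000, b"B" * 42),
              (101, 200000, b"A" * 60), (103, 0, b"C" * 80)]
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in frames:
        blob += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return blob

if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(constructed_sample())))
```

Counting duplicates over the whole file also flags legitimately repeated frames; restrict the `seen` set to a short window of recent packets if only capture-induced duplicates matter.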



