Print Summary of PCAP file


JP

Aug 10, 2012, 4:06:44 PM
to netsn...@googlegroups.com
Hi Everyone,

How do I get a summary analysis of a PCAP file?

What I want is the number of packets, the number of dropped packets, the number
of duplicate packets, etc without the individual packet details listed.

Thanks in advance; so far you have been awesome!

-John



Emmanuel Roullit

Aug 10, 2012, 4:17:14 PM
to netsn...@googlegroups.com
On 08/10/2012 10:06 PM, JP wrote:
> Hi Everyone,
>
> How do I get a summary analysis of a PCAP file?
>
> What I want is the number of packets, the number of dropped packets, the number
> of duplicate packets, etc without the individual packet details listed.
>

capinfos can give you some basic info about the capture.

$ capinfos test.pcap
File name: test.pcap
File type: Wireshark/tcpdump/... - libpcap
File encapsulation: Ethernet
Packet size limit: file hdr: 65535 bytes
Number of packets: 2778
File size: 728660 bytes
Data size: 684188 bytes
Capture duration: 1118 seconds
Start time: Sun Aug 5 22:46:49 2012
End time: Sun Aug 5 23:05:27 2012
Data byte rate: 611.81 bytes/sec
Data bit rate: 4894.50 bits/sec
Average packet size: 246.29 bytes
Average packet rate: 2.48 packets/sec
SHA1: a2b54c1bbfaabfc5849c427a85ccb48a9fd8c338
RIPEMD160: 7b23d4483fa5cc3eb833d40408112adca00812b6
MD5: 42123fae77f784ea901bb5931003634c
Strict time order: True

However, dropped packets statistics are not saved in tcpdump 2.4
captures. Such info can be only obtained at the end of a capture
operation with netsniff-ng for instance.

sudo ./netsniff-ng --in wlan0 --out test.pcap --silent
[...]

926 frames incoming
926 frames passed filter
0 frames failed filter (out of space)
0.0000% frame droprate
10 sec, 708918 usec in total

Cheers,

Emmanuel

JP

Aug 10, 2012, 4:36:36 PM
to netsn...@googlegroups.com
Emmanuel Roullit <emmanuel@...> writes:

>
> On 08/10/2012 10:06 PM, JP wrote:
>
> capinfos can give you some basic info about the capture.
>
>

Thank you for your details; it sheds some light on what I am trying to get.

Wireshark's RTP Stream Analysis screen does show a packet loss statistic per
stream. This appears to be an active analysis of the capture file. I am trying
to duplicate this functionality with another tool as I think Wireshark may have
some bugs in its analysis.

Is anyone aware of another tool that can actively look through a PCAP file for
missing packets in a stream (TCP of course as UDP is connectionless)?

Thanks in advance!

-John


Daniel Borkmann

Aug 10, 2012, 5:11:23 PM
to netsn...@googlegroups.com
Maybe there are some debugging tools in here that can be of help:
http://tcpreplay.synfin.net/

Otherwise there's always the option to hack a small tool on your own.
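
As an added example (not part of the thread and not netsniff-ng code): a small Python tool of the kind suggested above, which reads a classic libpcap file and reports packet count, byte-identical duplicate frames and timestamp order without listing packets. The function names and the sample capture are constructed for illustration; capture-time drop counts are not stored in this file format, so the tool cannot report them.

```python
import hashlib
import struct

def pcap_summary(data: bytes) -> dict:
    """Summarise a classic libpcap file without listing individual packets."""
    # The magic number is stored in the writer's byte order.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    seen, stamps = set(), []
    duplicates = snapped = captured_bytes = 0
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + caplen]
        if len(frame) < caplen:       # file ends mid-record: stop counting
            break
        offset += 16 + caplen
        captured_bytes += caplen
        snapped += caplen < origlen   # frame cut short by the snap length
        digest = hashlib.sha1(frame).digest()
        duplicates += digest in seen  # byte-identical to an earlier frame
        seen.add(digest)
        stamps.append(sec * 1_000_000 + usec)
    return {
        "version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype,
        "packets": len(stamps), "captured_bytes": captured_bytes,
        "duplicates": duplicates, "snapped": snapped,
        "duration_s": (max(stamps) - min(stamps)) / 1e6 if stamps else 0.0,
        "strict_time_order": all(a <= b for a, b in zip(stamps, stamps[1:])),
        "trailing_bytes": len(data) - offset,  # non-zero if the file is cut off
    }

def build_sample() -> bytes:
    """Constructed sample: four dummy frames, the third repeating the first."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [(100, 0, b"A" * 60), (100, 500000, b"B" * 60),
              (101, 0, b"A" * 60), (102, 250000, b"C" * 42)]
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for key, value in pcap_summary(build_sample()).items():
        print(f"{key}: {value}")
```

To run it on a real capture, pass the file's bytes, for example `pcap_summary(open("test.pcap", "rb").read())`. A byte-identical frame is only a candidate duplicate, since some traffic legitimately repeats.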