First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How can I get the flow count from a pcap file ?

I have a basic question please. I want to know how can get the flows count from a pcap file please ? I got the packets count by doing staticstics --> file properties but I need to know the flows count and if it is possible some statistics per flows

salwa1215's avatar
1
salwa1215
asked 2020-05-13 18:06:08 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Can you define what a "flow" is?

Chuckc's avatar Chuckc (2020-05-13 18:14:40 +0000) edit
more
  • delete

flow is all packets belonging to this quintuplet (src ip, dest ip, src port, dest port, protocol)

salwa1215's avatar salwa1215 (2020-05-14 12:32:30 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

Probably the Conversations in the Statistics menu should give you a pretty good insight.

Jaap's avatar
13.7k
Jaap
answered 2020-05-13 22:02:35 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Can also get with tshark:

$ tshark -r ./ultpcap2.pcapng -q -z conv,tcp > tcp.conv
$ tshark -r ./ultpcap2.pcapng -q -z conv,udp > udp.conv
Chuckc's avatar Chuckc (2020-05-14 14:32:33 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer