Revision history [back]
Trying to Combine fields and Stats in an Output File with Tshark
I am currently trying to extract network features using Tshark and have been able to extract basic features with -T -e command and am able to calculate useful statistics using -z,io,stats. But I am looking for a way to extract them in the same output file.
I have two commands
tshark -r packet1.pcap -z io,stat,1,SUM(frame.len)frame.len -q > test.csv
and
tshark -r packet1.pcap -T fields -e ip.proto -e ip.flags -e frame.len -E header=y -E separator=, -E quote=d > test.csv
Is there any way to combine them to so I can get an output file with the IP protocol, Ip flag, frame length, and the average frame length for that interval?
Thank you
Trying to Combine fields and Stats in an Output File with Tshark
I am currently trying to extract network features using Tshark and have been able to extract basic features with -T -e command and am able to calculate useful statistics using -z,io,stats. But I am looking for a way to extract them in the same output file.
I have two commands
tshark -r packet1.pcap -z io,stat,1,SUM(frame.len)frame.len -q > test.csv
and
tshark -r packet1.pcap -T fields -e ip.proto -e ip.flags -e frame.len -E header=y -E separator=, -E quote=d > test.csv
Is Ts there any way to combine them to so I can get an output file with the IP protocol, Ip flag, frame length, and the average frame length for that interval?
Thank you