Need to Store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and HTTP statistics in JSON format using Tshark

I am using Wireshark for capturing the packets and Tshark for analysis purposes. When I am trying to store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and HTTP statistics result in JSON format using Tshark, I am not getting the output as I expected it to be but just a text file which I do not want. Could someone please help me to find a way out for this? I have attached the output I am getting after using the command sudo tshark -n -q -r dump.pcap -z io,phs > fff.json

Protocol Hierarchy Statistics
Filter: 

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
      nbns                               frames:72 bytes:6624
      llmnr                              frames:12 bytes:792
      ntp                                frames:2 bytes:180
      nbdgm                              frames:4 bytes:972
        smb                              frames:4 bytes:972
          mailslot                       frames:4 bytes:972
            browser                      frames:4 bytes:972
      ssdp                               frames:12 bytes:2100
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
        data-text-lines                  frames:1 bytes:233
    igmp                                 frames:4 bytes:216
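
Added example, not part of the original post and not Wireshark project code: a small Python script that converts the text report printed by `-z io,phs`, as shown above, into nested JSON. It assumes the layout in the question (deeper indentation means a child protocol, each row ending in `frames:N bytes:N`); the function name `parse_phs`, the JSON key names, and the sample (constructed from a subset of the rows above) are choices made for this example.

```python
import json
import re
import sys

# Constructed sample: a subset of the rows from the report in the question.
SAMPLE = """\
Protocol Hierarchy Statistics
Filter: 

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
    igmp                                 frames:4 bytes:216
"""

# One report row: indentation, protocol name, frame count, byte count.
ROW = re.compile(
    r"^(?P<indent> *)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)\s*$"
)

def parse_phs(text):
    """Turn the io,phs text report into a dict with a nested protocol tree."""
    result = {"filter": "", "protocols": []}
    # Stack of (indent width, list that receives children at that level).
    stack = [(-1, result["protocols"])]
    for line in text.splitlines():
        if line.startswith("Filter:"):
            result["filter"] = line[len("Filter:"):].strip()
            continue
        m = ROW.match(line)
        if not m:
            continue  # title, blank lines and "====" rulers carry no data
        depth = len(m["indent"])
        node = {"protocol": m["proto"], "frames": int(m["frames"]),
                "bytes": int(m["bytes"]), "children": []}
        # Climb back up until the top of the stack is this row's parent.
        while stack[-1][0] >= depth:
            stack.pop()
        stack[-1][1].append(node)
        stack.append((depth, node["children"]))
    return result

if __name__ == "__main__":
    # With a file argument, parse that saved report; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(parse_phs(text), indent=2))
```

Save the text report first (for instance `tshark -n -q -r dump.pcap -z io,phs > phs.txt`) and pass that file as the script's first argument, redirecting the script's output to `fff.json`.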
