Ethereal-users: Fw: [Ethereal-users] Saving Statistics to a File

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Bradt <ctbradt@xxxxxxxxxx>
Date: Thu, 6 May 2004 10:10:21 -0500

This works great! Using an existing, saved trace as input in this way will be very usefull. I've had experience with a number of protocol analyzers and am new to Ethereal but it certainly looks to have some great capabilities and flexibility. Thanks ...

Chris Bradt
IBM Global Services

----- Forwarded by Chris Bradt/Des Moines/IBM on 05/06/2004 10:04 AM -----

          "Martin Regner" <martin.regner@xxxxxxxxx>

          05/05/2004 11:28 PM


To

"Ethereal user support" <ethereal-users@xxxxxxxxxxxx>

cc

Chris Bradt/Des Moines/IBM@IBMUS

Subject

Re: [Ethereal-users] Saving Statistics to a File


Chris Bradt wrote:
<Is there a way to save the statistics data to a file? For example,
<I'm looking at a list of IPv4 conversations generated by doing
<Statistics - Conversation List - IPv4. Great info but I'd like to
<be able to save it off for further/later analysis.


It is currently not possible to do that from Ethereal, but you can use Tethereal, the command line version
of Ethereal, to produce a similar output as in the conversation list.
Tethereal is included in the Ethereal distribution.

http://www.ethereal.com/docs/man-pages/tethereal.1.html

      -z conv,type[,filter]
      Create a table that lists all conversations that could be seen in the capture. type specifies which type of conversation we want to generate the statistics for, currently the supported ones are ``eth'' Ethernet ``fc'' Fibre Channel ``fddi'' FDDI ``ip'' IP addresses ``ipx'' IPX addresses ``tcp'' TCP/IP socketpairs Both IPv4 and IPv6 are supported ``tr'' TokenRing ``udp'' UDP/IP socketpairs Both IPv4 and IPv6 are supported
      If the optional filter string is specified, only those packets that match the filter will be used in the calculations.
      The table is presented with one line for each conversation and displays number of frames/bytes in each direction as well as total number of frames/bytes. The table is sorted according to total number of bytes.

You can try with something like

<tethereal -r infile.cap -R "eth and !eth" -z conv,ip > statistic_result.txt

The <<<-R "eth and !eth">>> option I use in the above example is to get just the conversation printout without printing out all the frames .

No frames should match that condition, so just the conversation printout is displayed.

It may be good to prepare a batch-script that takes the input file name and runs Tethereal with the options you want and maybe also does

all or some of the prost-processing of the file.

<my_statistics infile.cap

Generating IPv4 conversation printout with tethereal for the file "infile.cap" to file "ip4stat.log"

173 ip conversations found

The formatted information is available in file "infile.cap_ip4stat.csv" ready to be loaded into spreadsheet program

GIF image

GIF image