On Wed, Jun 11, 2008 at 01:50:32PM +0800, ?????? wrote:
> recently i am trying to analyze the pcap file in order to konw
> the protocol'type in the content of the file
> can you tell me some programe that can do the above?thanks
If I understand you correctly, you want to know what protocols are
in a particular tracefile without having to open it in your protocol
analyser?
Well, without reading the file, this is not possible, there are no
protocol statistics inside the pcap file. You will need to read the
whole file to build the statistics. tshark (which comes with wireshark)
is capable of doing this:
[sake@vm-fedora8 trunk]$ tshark -r file.cap -qz io,phs
===================================================================
Protocol Hierarchy Statistics
Filter: frame
frame frames:79679 bytes:13589551
eth frames:79679 bytes:13589551
ip frames:79673 bytes:13589203
tcp frames:79673 bytes:13589203
http frames:9113 bytes:4954211
malformed frames:82 bytes:7156
image-gif frames:1519 bytes:1240883
data-text-lines frames:160 bytes:123448
media frames:51 bytes:32775
ssl frames:8890 bytes:3553534
malformed frames:764 bytes:75674
tcp.segments frames:932 bytes:491318
http frames:531 bytes:46571
data-text-lines frames:512 bytes:34695
ssl frames:401 bytes:444747
ssl frames:1 bytes:1030
arp frames:6 bytes:348
===================================================================
[sake@vm-fedora8 trunk]$
Is this what you are looking for?
Cheers,
Sake