Wireshark-users: Re: [Wireshark-users] Good tools for pcap summary info, etc.?
From: "James Talbut" <James.Talbut@xxxxxxxxx>
Date: Thu, 25 Sep 2008 18:04:26 +0100
I wrote myself a python program to take the output from tshark and carry out a number of operations on it.
I break it down into four end products:
1. Chart of incoming and outgoing bytes per second (calculated per minute).
2. Chart of each of incoming and outgoing bytes per second as a stacked histogram of protocols.
3. Table of conversations that can be loaded into a spreadsheet to find the big users.
4. Table of protocols I don't like to see.
 
I tried a load of other tools, but found them all lacking in some way.
 
Jim

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Jim Balo
Sent: Thu 25/09/2008 18:00
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Good tools for pcap summary info, etc.?


Hello,
 
I am capturing all traffic leaving our network in order to determine what traffic should be allowed and what traffic should be blocked (by egress filtering).  Last time I did this, it was quite painful and took a long time.  
 
I know there are some built in tools in Wireshark for displaying summaries of pcap traffic, but I am interested in finding out what other tools are out there for anylyzing big pcap files and displaying summaries / statistics in various ways (like end-point communications w/ easy access to whois and/or other details for each node).  
 
Any help on this would be great!
 
Thanks,
JB
 


________________________________________________________________________
This e-mail, and any attachment, is confidential. If you have received it in error, do not use or disclose the information in any way, notify me immediately, and please delete it from your system.
________________________________________________________________________

<<winmail.dat>>