Wireshark-users: Re: [Wireshark-users] Extracting the no. of ports in a pcap
From: "j.snelders" <j.snelders@xxxxxxxxxx>
Date: Sat, 20 Aug 2011 09:01:54 +0200
Hi Nitin,

You can use the option -T fields to create a .csv file:

$ tshark -r test.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
-E header=y > test.csv
ip.src  tcp.srcport     ip.dst  tcp.dstport
10.0.1.2       1337    10.0.177.195   80
10.0.177.195   80      10.0.1.2       1337
10.0.1.2       1337    10.0.177.195   80


Or have a look at TShark statistics:

$ tshark -r test.pcap -q -z conv,tcp
================================================================================
TCP Conversations
Filter:<No Filter>
                                               |       <-      | |      
->      | |     Total     |

                                               | Frames  Bytes | | Frames
 Bytes | | Frames  Bytes |

10.0.1.2:1386     <-> 10.0.220.20:80         111    142403      57      3618
    168    146021
10.0.1.2:1367     <-> 10.0.220.20:80          54     73813      30      2061
     84     75874
10.0.1.2:1344     <-> 10.0.178.11:80          43     57501      29      3622
     72     61123


See the man-page for more information:
http://www.wireshark.org/docs/man-pages/tshark.html

Hope this helps
Joke

On Sat, 20 Aug 2011 11:11:24 +0530 NITIN GOYAL wrote:
>Hi
>
>I have a big pcap which i want to convert into pdml format. This pcap have
>multiple sessions on different ports on a combination of Src and Dst. IP.
>
>Like
>10.x.x.x [port1]  172.0.0.1 [port y]
>10.x.x.x [port2]  172.0.0.1 [port y]
>10.x.x.x [port3]  172.0.0.1 [port y]
>10.x.x.x [port4]  172.0.0.1 [port y]
>
>Now, is there any way, i can get the numbers of ports and their list before
>i start making the pdml for each port. SO, i can call tshark.exe in a
>multi-threaded program which call multiple instances of tshark for different
>ports and i get multiple pdml files for multiple ports simultaneously.
>
>Guys, can somebody give my any advice for the things explained above.
>
>Thanks
>Nitin