PCAP analysis basics with Wireshark updated 2021 Januby Graeme Messina.

Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis. It is a freeware tool that, once mastered, can provide valuable insight into your environment.

You can run TShark with these options:

tshark -i 1 -a duration:30 -q -z io,stat,0

Adjust as needed for your desired interface. (You can use tshark -D to get a list of interfaces to choose from.)

-a duration:30 : autostop after 30 seconds

-q : Don't display the packets as they are captured; just display a summary at the end

-z io,stat,0 : Collect and display IO statistics at the end, using an interval of zero seconds. The zero interval means the statistics will be calculated over all packets.

It'll stop after 30 seconds (or you can end it early, typically with Ctrl+C) and you'll get a summary like this:

12645 packets captured

You can then divide 8694272 bytes by 29.1 seconds to see a throughput of 298,772 bytes per second during that capture window.

To automate, run that however often you want - maybe every five minutes - and then parse the results with your favorite tool to pull out the duration and the total bytes. Do the division, and launch Wireshark if the throughput is over a designated threshold.
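
The automation step described above, as an added example that is not part of the original page: it parses the io,stat summary, does the division and compares the result against a threshold. The table layout in the sample (it differs between TShark versions), the function names and the 250,000 bytes/sec threshold are assumptions.

```python
import re
import subprocess

# Constructed sample of the "-z io,stat,0" summary, using the figures quoted
# in the text. The table layout is an assumption and varies by TShark version.
SAMPLE = """\
12645 packets captured
===================================
| IO Statistics                   |
|                                 |
| Duration: 29.1 secs             |
| Interval: 29.1 secs             |
|---------------------------------|
| Interval     | Frames |  Bytes  |
|---------------------------------|
|  0.0 <> 29.1 |  12645 | 8694272 |
===================================
"""

# Data row: | start <> end | frames | bytes |
ROW = re.compile(r"\|\s*([\d.]+)\s*<>\s*([\d.]+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|")

def parse_io_stat(text):
    """Return (duration_seconds, frames, total_bytes) from the summary row."""
    m = ROW.search(text)
    if m is None:
        raise ValueError("no IO statistics row found in TShark output")
    start, end = float(m.group(1)), float(m.group(2))
    return end - start, int(m.group(3)), int(m.group(4))

def throughput(text):
    """Bytes per second over the capture window; 0.0 for an empty capture."""
    duration, _frames, total = parse_io_stat(text)
    return total / duration if duration > 0 else 0.0

def over_threshold(text, limit_bytes_per_sec):
    return throughput(text) > limit_bytes_per_sec

def capture_summary(interface="1", seconds=30):
    """Run the command from the text; return stdout and stderr joined."""
    cmd = ["tshark", "-i", interface, "-a", f"duration:{seconds}",
           "-q", "-z", "io,stat,0"]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return proc.stdout + proc.stderr

if __name__ == "__main__":
    print(f"{throughput(SAMPLE):,.0f} bytes/sec")
    if over_threshold(SAMPLE, 250_000):  # hypothetical threshold
        print("threshold exceeded: open Wireshark on this interface")
```

To run it against live traffic from cron or a scheduled task, pass the result of capture_summary() to over_threshold() in place of SAMPLE.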