I need to analyze pcap packets. The amount is large: 5-10 terabytes of packet data, divided into files of 500 MB each. I want to learn to write a program that gathers statistics on the basic information of IP sessions; ideally it can generate a document, and Excel or a database will do.
The statistics I need: IP address A, IP address B, session data size, amount of data A sent to B, amount of data B sent to A. What I used before and Wireshark can't satisfy the
Because reading that many packages gives incomplete statistics and loses a lot of information, and the package Wireshark can read each time is too small, I need to run through several TB of packets and see the statistical information at the end.
I saw some posts on the BBS using WinPcap programming, mainly focused on capture, but I now want to focus on analysis and statistics. Could the experts show a method that can handle several TB of packets? The results should preferably follow Wireshark's statistics format. The existing packets are 500 MB each; it should handle other sizes too, 100 MB - 2 GB.
Thank you very much. Please advise a concrete way so I can continue to learn.


CodePudding user response:
Search PDH?
CodePudding user response:
What is the PDH?
CodePudding user response:
For this, it is best to do bypass analysis, installing IP capture analysis software directly on a physical machine; the hardware requirements are demanding. In addition, I suggest you write this analysis in Python; Python is more convenient for this kind of data analysis, and there may be readily available third-party analysis libraries.
CodePudding user response:
Wouldn't it be fine to take the pcap format definition, read the pcap files in a loop and compute the statistics?
CodePudding user response:
I recommend to the original poster a Python library for processing pcap files, pyshark, which has tshark's analysis functions and is very convenient.
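
Added example (not part of any post above, and not code from pyshark, tshark or Wireshark): a standard-library sketch of the "read the pcap files in a loop and tally" approach, keeping one counter row per IP pair so memory stays small however many files are fed in. It assumes classic pcap files (not pcapng) with Ethernet link type and counts IPv4 only; the function names and the sample capture are constructed for illustration.

```python
import socket, struct

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond timestamps

def read_packets(f):
    """Yield (wire_len, frame) from a classic pcap stream, one record at a time."""
    order = MAGIC.get(f.read(4))
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "HHiIII", f.read(20))[5] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    while len(hdr := f.read(16)) == 16:
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", hdr)
        frame = f.read(incl_len)
        if len(frame) < incl_len:
            return  # truncated last record
        yield orig_len, frame

def add_stats(f, stats):
    """Add one capture file's IPv4 traffic to the stats dict; call once per file."""
    for wire_len, frame in read_packets(f):
        off = 18 if frame[12:14] == b"\x81\x00" else 14   # skip one 802.1Q tag
        if frame[off - 2:off] != b"\x08\x00" or len(frame) < off + 20:
            continue  # not IPv4, or too short to hold an IPv4 header
        src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
        a, b = sorted((src, dst))      # A is the numerically lower address
        row = stats.setdefault((a, b), [0, 0, 0, 0])  # pkts/bytes A->B, pkts/bytes B->A
        i = 0 if src == a else 2
        row[i] += 1
        row[i + 1] += wire_len         # original on-wire length, not the captured length
    return stats

def conversations(stats):
    """Rows: A, B, packets, bytes, pkts A->B, bytes A->B, pkts B->A, bytes B->A."""
    rows = [(socket.inet_ntoa(a), socket.inet_ntoa(b), r[0] + r[2], r[1] + r[3], *r)
            for (a, b), r in stats.items()]
    return sorted(rows, key=lambda r: -r[3])

def sample_pcap():
    """Constructed sample: three Ethernet/IPv4 frames between two hosts."""
    a, b = "10.0.0.1", "10.0.0.2"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for s, d, n in [(a, b, 100), (b, a, 40), (a, b, 60)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + n, 0, 0, 64, 6, 0,
                         socket.inet_aton(s), socket.inet_aton(d))
        fr = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * n
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out
```

For the real data set, open each 500 MB file with `open(path, "rb")`, pass it to `add_stats` with the same `stats` dict, and write `conversations(stats)` out with `csv.writer` so it opens in Excel or loads into a database.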