How to use tshark or tcpdump to calculate bytes transmitted
I am using this command with tshark:
tshark -r pcapfile "tcp and ip.src==192.168.1.1" -T text -V -x | grep 'Total Length'
This essentially parses the pcap for only connections from the source IP and looks for the total length in bytes from each packet. I get output like this:
Total Length: 125
Total Length: 210
Total Length: 40
Total Length: 125
etc, etc....
What I need to do is take the numbers from Total Length and add them up so I can get an idea of how much data was passed over the wire in the time frame of the pcap from a single IP. Is there a command I can add on the end of the one I am using to do this?
Write a script to loop while issuing that command, add a pipe using the cut function to remove the text for "Total Length:" and then add the numerical values together either by building an array or just adding iteratively to a variable. Each iteration of the loop you can output your total and then sleep for some period, say one second.
Not sure you can do it with just one command. Although the whole loop can technically be a command typed at the command prompt, it's just easier to test, modify, and maintain if you make it a script. Plus you'll have to save the processed output to a variable as you add it up.
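An added example, not part of the original posts: one way to total the "Total Length" values from the tshark output shown in the question, using awk on the piped text. It goes beyond the single-IP case with a second function that totals bytes per source address; the function names and the `-T fields -e ip.src -e ip.len` invocation in the comments are assumptions of this example, and the sample input is constructed from the values in the question.

```shell
#!/bin/sh
# Added example: total the IPv4 "Total Length" values that tshark prints.
# Total Length covers the IP header plus payload, not link-layer framing.

# Read "tshark -V" text on stdin and print "<bytes> <packets>".
# Lines without a numeric value after "Total Length:" are ignored.
sum_total_length() {
    awk -F': *' '
        /Total Length:/ && $2 ~ /^[0-9]+/ { bytes += $2; pkts++ }
        END { printf "%.0f %d\n", bytes, pkts }
    '
}

# Read tab-separated "<source IP><TAB><length>" lines on stdin and print
# one "<source IP> <bytes>" line per source, sorted by address text.
sum_by_source() {
    awk -F'\t' '
        $1 != "" && $2 ~ /^[0-9]+$/ { bytes[$1] += $2 }
        END { for (ip in bytes) printf "%s %.0f\n", ip, bytes[ip] }
    ' | sort
}

# Constructed sample: the four lengths from the question, surrounded by
# other lines of the kind -V prints, to show that only the length is summed.
sample_output() {
    cat <<'EOF'
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.2
    Header Length: 20 bytes (5)
    Total Length: 125
    Total Length: 210
    Total Length: 40
    Total Length: 125
EOF
}

sample_output | sum_total_length

# With a real capture (file name and address are the question's own):
#   tshark -r pcapfile "tcp and ip.src==192.168.1.1" -T text -V | sum_total_length
# Per-source totals, assuming a tshark that supports -Y and -T fields:
#   tshark -r pcapfile -Y tcp -T fields -e ip.src -e ip.len | sum_by_source
```

The first number printed is the byte total and the second is the packet count; for the sample values in the question that is 500 bytes over 4 packets.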