0

i can retrieve the follow info from a .pcap :

================================================================================
IPv4 Conversations
Filter:ip.addr==1xx.1xx.0.1xx
                                               |       <-      | |       ->      | |     Total     |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
1xx.1xx.0.1xx        <-> xx.xx.xxx.1xx             655    104293     845    427945    1500    532238
1xx.1xx.0.1xx        <-> x1.x4.x0.xx6             356     56107     571    439283     927    495390

but i want the duration of the conversation between one ip and the other... in the Wireshark i can copy that info but in tshark i cant. anyone knows how to ?

Improve this question

1 Answer 1

Reset to default
0

You can redirect to a file, here is an example:

$ tshark -r test_04.pcap -q -z conv,ip,ip.addr==10.10.10.20 > conv_10101020.txt
Improve this answer
1
  • i try that one before that dont give me the duration ( time ) of the conversation between A and B only the resume in frames and bytes ... the Duration Column that exist's on the Wireshark GUI statitis conversation window does no exists
    – drd0sp.pt
    Commented Jul 16, 2013 at 9:35

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .