Friday, March 27, 2020

Analyzing Multiple Large PCAPs Without Merging?

TL;DR I am looking for an efficient way to parse through and analyze multiple large pcap files without having to merge them all.

The information I am looking to extract is pretty simple; I just need the tcp streams present and the total # of bytes transferred in each stream. The output of 'tshark -r capture.pcapng -n -q -z conv,tcp' is pretty much exactly what I am looking to get. Unfortunately, the issue I am faced with is that I need to gather this output for hundreds of pcaps and synthesize them into one report. Normally I would merge the capture files together quickly and use tshark to do this, but in this case I am looking at 100s of pcaps amounting to over a TB altogether. Have any networking gurus out there been faced with a similar issue, or does anyone know of any open-source tools that could prove useful in accomplishing this? Unfortunately in this case, using fewer pcaps and gathering this information on a smaller scale is not an option.

Any suggestions?
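One way to get the conv,tcp report without ever merging the captures, as an added example that is not from the post or its author: run tshark on each file separately and fold every per-file conversation table into a single summary. It assumes tshark's text layout for `-z conv,tcp` (endpoint pair, then the `<-` and `->` frame/byte columns) with byte columns either as raw integers or in tshark's SI-suffixed form; the sample output embedded below is constructed, and the endpoint-sorting step covers the case where one stream continues into the next rotated capture file.

```python
"""Sum `tshark -r FILE -n -q -z conv,tcp` tables over many pcaps, one file at a time.
Assumed row layout: A <-> B  frames bytes(<-) frames bytes(->) frames bytes start dur,
where "<-" is B->A traffic and "->" is A->B. Byte columns may be raw integers or carry
tshark's SI suffix ("2 kB", taken here as 1000-based)."""
import re
import subprocess
import sys
from collections import defaultdict
_UNIT = {"bytes": 1, "kB": 10**3, "MB": 10**6, "GB": 10**9, "TB": 10**12}
_NUM = r"(\d[\d,]*(?:\.\d+)?(?:\s*(?:bytes|kB|MB|GB|TB))?)"
ROW = re.compile(r"^(\S+)\s+<->\s+(\S+)\s+\d+\s+" + _NUM + r"\s+\d+\s+" + _NUM)
SAMPLE = [  # constructed tshark output: one conversation continues into a rotated capture
    "TCP Conversations\nFilter:<No Filter>\n"
    "10.0.0.5:51234   <-> 203.0.113.7:443   10   2000   12   3000   22   5000   0.0   1.2\n",
    "TCP Conversations\nFilter:<No Filter>\n"
    "203.0.113.7:443  <-> 10.0.0.5:51234     4   500 bytes   6   1 kB   10   1500 bytes   0.0   0.4\n"
    "192.0.2.9:40000  <-> 198.51.100.3:22    1     60    1     60    2    120   0.1   0.0\n",
]

def to_bytes(tok):
    """'336' -> 336, '1,234 bytes' -> 1234, '2.5 kB' -> 2500."""
    parts = tok.replace(",", "").split()
    return int(float(parts[0]) * _UNIT[parts[1] if len(parts) > 1 else "bytes"])

def parse_conv_tcp(text):
    """Yield (a, b, bytes_a_to_b, bytes_b_to_a) per row; endpoints sorted so a split stream shares one key."""
    for m in filter(None, map(ROW.match, text.splitlines())):  # skips banner/header lines
        a, b = m.group(1), m.group(2)
        b_to_a, a_to_b = to_bytes(m.group(3)), to_bytes(m.group(4))
        if a > b:  # canonical endpoint order; per-direction counts swap with it
            a, b, a_to_b, b_to_a = b, a, b_to_a, a_to_b
        yield a, b, a_to_b, b_to_a

def aggregate(outputs):
    """Return {(a, b): (bytes_a_to_b, bytes_b_to_a, total)} summed over all outputs."""
    totals = defaultdict(lambda: [0, 0])
    for text in outputs:
        for a, b, ab, ba in parse_conv_tcp(text):
            totals[(a, b)][0] += ab
            totals[(a, b)][1] += ba
    return {k: (v[0], v[1], v[0] + v[1]) for k, v in totals.items()}

def run_tshark(path):
    """Run tshark on a single capture; only one file is ever open, no mergecap needed."""
    cmd = ["tshark", "-r", path, "-n", "-q", "-z", "conv,tcp"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
if __name__ == "__main__":  # usage: python3 conv_sum.py *.pcapng > report.tsv
    outputs = (run_tshark(p) for p in sys.argv[1:]) if sys.argv[1:] else SAMPLE
    for (a, b), (ab, ba, tot) in sorted(aggregate(outputs).items(), key=lambda kv: -kv[1][2]):
        print(f"{a}\t{b}\t{ab}\t{ba}\t{tot}")
```

Because each tshark run touches only one capture, memory and disk stay bounded by the largest single file rather than the whole terabyte, and the loop is trivially parallelised with xargs or a job queue.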
