I need a program which prints the number of packets in a capture file which uses the pcap format. This number does not seem available in the pcap header (probably because it is written before the capture starts) and it does not seem there is a "footer" in the file, with this information.
So, I believe the only algorithm is to loop over all the packets and sum them. It is in O(N) and, for large traces, quite long.
I post here to see if someone has a cleverer idea?
I tagged with "C" because it is the language I currently use but I believe it is a language-independent issue.
But if you just want to know how many displayed packets there are, you could just look at the Wireshark status line where it will indicate the number of displayed packets. Statistics -> Capture File Properties will also tell you the number of displayed packets.
Once you have captured some packets or you have opened a previously saved capture file, you can view the packets that are displayed in the packet list pane by simply clicking on a packet in the packet list pane, which will bring up the selected packet in the tree view and byte view panes.
Wireshark can read in previously saved capture files. To read them, simply select the File → Open menu or toolbar item. Wireshark will then pop up the “File Open” dialog box, which is discussed in more detail in Section 5.2.1, “The “Open Capture File” Dialog Box”.
Robert Edmonds, author of pcaputils, mentioned to me that there is already a program doing what I want, capinfos, in the Wireshark package. It displays various indications about a pcap file, including the number of packets it contains.
Reading the source code, it appears to work by walking the whole file, sequentially.
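As an added example (not from the original posts and not capinfos's code), here is a minimal C counter for the classic pcap format that does the sequential walk discussed above but reads only the 16-byte record headers and seeks past the payloads, rejecting files whose records run past end of file. The names `pcap_count` and `count_constructed` are invented here, the sample capture is constructed in memory, and pcapng files are not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAGIC_US 0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define MAGIC_NS 0xa1b23c4du /* classic pcap, nanosecond timestamps */

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Count records by reading each 16-byte record header and skipping the payload.
 * Returns -1 for a non-pcap file or a record that runs past end of file. */
long pcap_count(FILE *f) {
    uint32_t magic, rh[4]; /* rh: ts_sec, ts_usec, incl_len, orig_len */
    long size, pos = 24, n = 0; /* records start after the 24-byte file header */
    if (fseek(f, 0, SEEK_END) != 0 || (size = ftell(f)) < 24) return -1;
    if (fseek(f, 0, SEEK_SET) != 0 || fread(&magic, 1, 4, f) != 4) return -1;
    int swapped = swap32(magic) == MAGIC_US || swap32(magic) == MAGIC_NS;
    if (!swapped && magic != MAGIC_US && magic != MAGIC_NS) return -1;
    for (; pos < size; n++) {
        if (fseek(f, pos, SEEK_SET) != 0 || fread(rh, 1, 16, f) != 16) return -1;
        uint32_t incl = swapped ? swap32(rh[2]) : rh[2]; /* captured length */
        if (incl > (unsigned long)(size - pos - 16)) return -1; /* cut-off payload */
        pos += 16 + (long)incl;
    }
    return n;
}

/* Constructed sample, not a real capture: npkts records of 60 zero bytes, in
 * host or opposite byte order, with the last `chop` bytes of the file removed. */
long count_constructed(int npkts, long chop, int foreign) {
    unsigned char buf[24 + 8 * 76] = {0};
    uint32_t magic = foreign ? swap32(MAGIC_US) : MAGIC_US, incl = foreign ? swap32(60) : 60;
    long len = 24, n;
    FILE *f = (npkts >= 0 && npkts <= 8 && chop >= 0) ? tmpfile() : NULL;
    if (!f) return -2;
    memcpy(buf, &magic, 4); /* other file-header fields stay zero */
    for (int i = 0; i < npkts; i++, len += 76)
        memcpy(buf + len + 8, &incl, 4); /* incl_len; timestamps stay zero */
    size_t want = (size_t)(len > chop ? len - chop : 0);
    n = fwrite(buf, 1, want, f) == want ? pcap_count(f) : -2;
    fclose(f);
    return n;
}

int main(int argc, char **argv) {
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    printf("%ld packets\n", argc > 1 ? (f ? pcap_count(f) : -1) : count_constructed(3, 0, 0));
    return 0;
}
```

On platforms where `long` is 32 bits, captures over 2 GB need `fseeko`/`ftello` with `off_t` in place of `fseek`/`ftell`.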