I've got a huge pcap file (many GBs) that I just can't load in Wireshark. What I need is to extract bandwidth usage information, both total and per-protocol (in both incoming and outgoing directions), from it, and possibly graph it in a manager-friendly way.
Essentially, I need something that can process pcap files on the command line, and outputs usage statistics in a format suitable for visualization or usage with tools like rrdtool et al. Any advice welcome.
You could try using the command-line version of Wireshark, tshark, to extract the statistics. There are some examples in tshark's manpage under -z, e.g. io,stat,0,smb for all SMB packets.
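
The following is an added example, not part of the answer above. It goes beyond the -z io,stat hint by exporting per-packet fields with tshark and summing bytes per protocol and direction in fixed time buckets, as CSV that can feed rrdtool or a plotting tool. The function names, the monitored host address (LOCAL_IP), the 60-second bucket and the sample rows are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: per-protocol, per-direction byte counts from a large pcap.
# "Incoming" = packets whose ip.dst is LOCAL_IP, "outgoing" = ip.src is LOCAL_IP.

# aggregate LOCAL_IP [INTERVAL_SECONDS]
# stdin : TSV rows "epoch <TAB> frame_len <TAB> ip.src <TAB> ip.dst <TAB> protocol"
# stdout: CSV rows "bucket_start,protocol,bytes_in,bytes_out", sorted
aggregate() {
    awk -F '\t' -v local="$1" -v step="${2:-60}" '
        $3 == "" || $4 == "" { next }             # no IPv4 header (ARP, etc.)
        $3 != local && $4 != local { next }       # traffic not involving the host
        {
            bucket = int($1 / step) * step        # start of the time bucket
            key = bucket "," $5
            seen[key] = 1
            if ($4 == local) in_b[key]  += $2     # received by the host
            else             out_b[key] += $2     # sent by the host
        }
        END {
            for (k in seen)
                printf "%s,%d,%d\n", k, in_b[k], out_b[k]
        }' | sort -t, -k1,1n -k2,2
}

# pcap_usage FILE LOCAL_IP [INTERVAL_SECONDS]
# Streams the capture through tshark without name resolution (-n).
# occurrence=f keeps only the first ip.src/ip.dst when a packet carries
# several IP headers (tunnels, ICMP errors quoting the original packet).
pcap_usage() {
    tshark -n -r "$1" -T fields -E separator=/t -E occurrence=f \
        -e frame.time_epoch -e frame.len -e ip.src -e ip.dst \
        -e _ws.col.Protocol | aggregate "$2" "${3:-60}"
}

# sample_rows: constructed rows in the same shape tshark emits above,
# so the aggregation can be checked without a capture file.
sample_rows() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        1700000045.10 1500 198.51.100.7 192.0.2.10   TLSv1.2 \
        1700000046.20 60   192.0.2.10   198.51.100.7 TLSv1.2 \
        1700000050.00 90   192.0.2.10   203.0.113.53 DNS \
        1700000051.00 42   ''           ''           ARP \
        1700000105.30 1200 198.51.100.7 192.0.2.10   TLSv1.2 \
        1700000106.00 400  198.51.100.7 203.0.113.9  SMB2
}

# Usage: pcap_usage big.pcap 192.0.2.10 60 > usage.csv
```

Summing the bytes_in and bytes_out columns across protocols for each bucket gives the total usage per interval.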