Untitled

# parsing pcap capture file with tshark
```bash
tcpdump -r vagrant_up.pcap -w outfile.pcap "dst port 5150"
tshark -r vagrant_up.pcap -n -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
tshark -r vagrant_up.pcap -T json > /tmp/output.json
jq '.|length' /tmp/output.json
jq '.[4000]' /tmp/output.json
```

# follow a tcp communication between two nodes
```bash
tshark -r vagrant_up.pcap -z "follow,tcp,hex,192.168.3.200:46168,192.168.3.100:5150" > /tmp/o46168_f5150.follow
```

# capture 100 packets with filter and in json format
```bash
tshark -i enp0s8 -c 100 -n -T json -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e data.data -e data.len -e udp 'src host (192.168.3.200 or 192.168.3.100)' | tee /tmp/capture100.json
```

# statistics of 1000 packets across nodes
```bash
tshark -i enp0s8 -c 1000 -n -T json -e frame.number -e frame.time_epoch -e frame.time_delta -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e data.data -e data.len 'src host (192.168.3.200 or 192.168.3.100 or 192.168.3.123 or 192.168.3.2 or 192.168.3.45) and (tcp or udp)'
```