Wireshark-users: Re: [Wireshark-users] filter for ONLY initial get request

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 10 Aug 2010 07:36:58 +0200
On 10 aug 2010, at 04:53, Jeffs wrote:
> On 8/9/2010 10:47 PM, Jeffs wrote:
>> On 8/9/2010 11:25 AM, Sake Blok wrote:
>> 
>>> Have a look at the presentation I gave at Sharkfest'10, it shows you how you can accomplish something quite similar with Tshark and some (minor) scripting. You should be able to change the commands to your needs.
>>> 
>>> http://www.cacetech.com/sharkfest.10/A-6_Blok%20HANDS-ON%20LAB%20-%20Using%20Wireshark%20Command%20Line%20Tools%20and%20Scripting.zip
>> 
>> Question: in the wonderful example in that paper for finding the top 10
>> requested URLs, with this formula:
>> 
>> tshark -r example.cap -R http.request -T fields -e http.host -e
>> http.request.uri | sed -e 's/?.*$//' | sed -e
>> 's#^\(.*\)\t\(.*\)$#http://\1\2#' | sort | uniq -c | sort -rn | head
>> 
>> Where does one set the top "10"?  How would I change that to, say, top
>> "20" or whatever?  Or does uniq -c always just produce the top 10?
>> 
> I can now answer my own question:


TIP: During my presentation @ Sharkfest'10 I built the command sequence step by step; you might want to try that too to get a full grasp of what each step does. That way you will be able to craft your own command sequence a little easier.

Cheers,

Sake
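
The pipeline quoted in this thread, split into the stages the tip suggests building one at a time, as an added example that is not part of the original messages. The function names and the sample input are constructed; the number of rows shown is decided by `head`, which prints 10 lines unless given `-n`.

```shell
#!/bin/sh
# Added example: the thread's "top requested URLs" pipeline, one stage per function.
# Function names are hypothetical; the input below is constructed.
LC_ALL=C; export LC_ALL   # byte-wise sorting, so results are the same on every system

# Constructed stand-in for the output of
#   tshark -r example.cap -R http.request -T fields -e http.host -e http.request.uri
# i.e. one HTTP request per line as host<TAB>uri.
sample_fields() {
    printf 'www.example.com\t/index.html?id=1\n'
    printf 'www.example.com\t/login\n'
    printf 'cdn.example.net\t/app.js\n'
    printf 'www.example.com\t/index.html?id=2\n'
    printf 'www.example.com\t/login?next=/a\n'
    printf 'www.example.com\t/index.html\n'
}

# Stage 1: drop the query string so /index.html?id=1 and ?id=2 count as one URL.
strip_query() { sed -e 's/?.*$//'; }

# Stage 2: join host and path into a URL. A literal tab is used because
# not every sed understands \t inside a pattern.
join_url() {
    tab=$(printf '\t')
    sed -e "s#^\(.*\)${tab}\(.*\)\$#http://\1\2#"
}

# Stage 3: count identical URLs and order them, most requested first.
count_urls() { sort | uniq -c | sort -rn; }

# Stage 4: keep the first N rows. N defaults to 10, the same as plain "head".
top_urls() {
    n=${1:-10}
    strip_query | join_url | count_urls | head -n "$n"
}

# Top 2 instead of the default 10.
sample_fields | top_urls 2
```

Against a real capture, replace `sample_fields` with the `tshark` command shown in the comment.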