tshark: Add option to display machine-readable conversation statistics

Addresses #18321.

tshark lost its ability to display raw byte counts for conversations (-z conv) as a side effect of enhancement #15360 (closed), human-readable numbers.

This commit adds a new tshark long option (--machine-readable) that prints raw byte counts for conversations. I used the ‘capinfos -M’ implementation as a reference (note: the -M option isn’t available for tshark).

Sample output for --machine-readable with and without ports displayed:

$ tshark --machine-readable -q -z conv,ip -r ...
================================================================================
IPv4 Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.20.18        <-> 72.249.41.52              30      9130      23      2059      53     11189   0.000000000         5.4307
192.168.20.18        <-> 72.167.18.239              6      2766       5       744      11      3510   1.581604000         0.2242
192.168.20.16        <-> 239.255.255.250            0         0       5       875       5       875  18.687826000        15.0240
================================================================================

$ tshark --machine-readable -q -z conv,tcp -r ...
================================================================================
TCP Conversations
Filter:<No Filter>
                                                           |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                                           | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.20.18:50583        <-> 72.249.41.52:110                30      9130      23      2059      53     11189   0.000000000         5.4307
192.168.20.18:50584        <-> 72.167.18.239:80                 6      2766       5       744      11      3510   1.581604000         0.2242
================================================================================

For comparison, the output of the same commands without --machine-readable (no format change):

$ tshark -q -z conv,ip -r ...
================================================================================
IPv4 Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.20.18        <-> 72.249.41.52              30 9,130 bytes      23 2,059 bytes      53 11 kB         0.000000000         5.4307
192.168.20.18        <-> 72.167.18.239              6 2,766 bytes       5 744 bytes      11 3,510 bytes     1.581604000         0.2242
192.168.20.16        <-> 239.255.255.250            0 0 bytes         5 875 bytes       5 875 bytes    18.687826000        15.0240
================================================================================

$ tshark --machine-readable -q -z conv,tcp -r ...
================================================================================
TCP Conversations
Filter:<No Filter>
                                                           |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                                           | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.20.18:50583        <-> 72.249.41.52:110                30 9,130 bytes      23 2,059 bytes      53 11 kB         0.000000000         5.4307
192.168.20.18:50584        <-> 72.167.18.239:80                 6 2,766 bytes       5 744 bytes      11 3,510 bytes     1.581604000         0.2242
================================================================================
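
A parser for the raw-count rows shown in the --machine-readable sample output above, as an added example that is not part of the merge request or of Wireshark. The field names and the decision to reject rows with unit-suffixed counts are assumptions of this example; the sample rows are copied from this page.

```python
import re

# Row layout as shown in the --machine-readable sample output: two endpoints,
# three frames/bytes pairs ("<-" column, "->" column, total), start, duration.
ROW = re.compile(
    r"^(?P<a>\S+)\s+<->\s+(?P<b>\S+)\s+"
    r"(?P<left_frames>\d+)\s+(?P<left_bytes>\d+)\s+"
    r"(?P<right_frames>\d+)\s+(?P<right_bytes>\d+)\s+"
    r"(?P<frames>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<start>\d+\.\d+)\s+(?P<duration>\d+\.\d+)\s*$"
)
INT_FIELDS = ("left_frames", "left_bytes", "right_frames", "right_bytes",
              "frames", "bytes")

def parse_conversations(text):
    """Return one dict per conversation row; raise on unit-suffixed counts."""
    rows = []
    for line in text.splitlines():
        if "<->" not in line:
            continue  # separators, title, filter line and column headers
        m = ROW.match(line.strip())
        if m is None:
            # e.g. "9,130 bytes" or "11 kB": the exact count is not recoverable
            raise ValueError("not raw-count output: " + line.strip())
        rec = m.groupdict()
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        rec["start"] = float(rec["start"])
        rec["duration"] = float(rec["duration"])
        rows.append(rec)
    return rows

# Rows copied from the sample output on this page.
MACHINE = """\
================================================================================
TCP Conversations
Filter:<No Filter>
                                                           |       <-      | |       ->      | |     Total     |
192.168.20.18:50583        <-> 72.249.41.52:110                30      9130      23      2059      53     11189   0.000000000         5.4307
192.168.20.18:50584        <-> 72.167.18.239:80                 6      2766       5       744      11      3510   1.581604000         0.2242
================================================================================
"""
HUMAN = ("192.168.20.18        <-> 72.249.41.52              30 9,130 bytes"
         "      23 2,059 bytes      53 11 kB         0.000000000         5.4307")

if __name__ == "__main__":
    for conv in parse_conversations(MACHINE):
        print(conv["a"], conv["b"], conv["bytes"], conv["duration"])
```
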