R – Tool for network traffic analysis of a custom protocol

Tags: custom-protocol, traffic, wireshark

The protocol is very simple and is developed on top of TCP. I need to analyze a big libpcap dump file to calculate the average value and standard deviation of the conversation time and of the number of packets per conversation.

Using Wireshark it's simple to analyze the TCP conversations between the endpoints, but the summary includes all of the TCP packets (lots of SYNs, ACKs and FINs), and this messes up the data.

Is there another tool to do this kind of analysis? Is there a way to EASILY extend Wireshark's functionality?

Best Answer

You can check out the Argos custom protocol analyzer. It is a commercial tool and it has a powerful and easy to use XML protocol definition language. Additionally it can monitor Ethernet and IP traffic as Wireshark does and open libpcap files.

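As an added example, not part of the question or the answer above, here is a standard-library-only Python script that does what the question asks without any external tool: it reads a libpcap file, groups Ethernet/IPv4/TCP frames into conversations by direction-independent 4-tuple, and computes per-conversation duration and packet count from payload-bearing segments only (`tcp.len > 0`), so the SYN, SYN/ACK, bare ACK and FIN segments neither inflate the packet count nor stretch the duration. The sample capture at the bottom is constructed in code (two short conversations plus one ARP frame) and is not real traffic; the `payload_only` switch lets you compare against the raw per-conversation numbers that Wireshark's conversation summary gives.

```python
import statistics
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1
# libpcap magic as read little-endian -> (byte order, timestamp fraction divisor)
_MAGICS = {0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),
           0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9)}

def read_pcap(buf):
    """Yield (timestamp_seconds, frame_bytes) from the bytes of a libpcap file."""
    try:
        order, divisor = _MAGICS[struct.unpack_from("<I", buf, 0)[0]]
    except (KeyError, struct.error):
        raise ValueError("not a libpcap file")
    if struct.unpack_from(order + "I", buf, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(buf):
        sec, frac, incl_len, _orig_len = struct.unpack_from(order + "IIII", buf, off)
        off += 16
        yield sec + frac / divisor, buf[off:off + incl_len]
        off += incl_len

def tcp_flow(frame):
    """(direction-independent conversation key, payload length) for IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6 or total_len < ihl + 20 or len(ip) < total_len:
        return None
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    a, b = (ip[12:16], sport), (ip[16:20], dport)
    return (min(a, b), max(a, b)), len(tcp) - (tcp[12] >> 4) * 4

def conversation_stats(pcap_bytes, payload_only=True):
    """[(duration_seconds, packets)] per TCP conversation. With payload_only,
    data-less segments (SYN, SYN/ACK, bare ACK, FIN) are not counted and do
    not extend the duration; with False you get the raw Wireshark-style numbers."""
    first, last, count = {}, {}, defaultdict(int)
    for ts, frame in read_pcap(pcap_bytes):
        flow = tcp_flow(frame)
        if flow is None or (payload_only and flow[1] == 0):
            continue
        key = flow[0]
        first[key] = min(first.get(key, ts), ts)
        last[key] = max(last.get(key, ts), ts)
        count[key] += 1
    return [(last[k] - first[k], count[k]) for k in first]

def summarise(stats):
    """Mean and population standard deviation of duration and packets per conversation."""
    durations, counts = [d for d, _ in stats], [n for _, n in stats]
    return {"conversations": len(stats),
            "mean_duration": statistics.mean(durations), "stdev_duration": statistics.pstdev(durations),
            "mean_packets": statistics.mean(counts), "stdev_packets": statistics.pstdev(counts)}

def _frame(src, sport, dst, dport, flags, payload=b""):
    """Constructed test data: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(records):
    """Serialise (timestamp, frame) pairs as a little-endian microsecond libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec = int(ts)
        out += struct.pack("<IIII", sec, round((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out

SYN, SYNACK, ACK, PSHACK, FINACK = 0x02, 0x12, 0x10, 0x18, 0x11
C1, C2, S = "10.0.0.1", "10.0.0.3", "10.0.0.2"
SAMPLE_PCAP = _pcap([                                    # constructed, not real traffic
    (0.000, _frame(C1, 40000, S, 5000, SYN)),            # conversation 1: handshake,
    (0.001, _frame(S, 5000, C1, 40000, SYNACK)),         # one request/response, teardown
    (0.002, _frame(C1, 40000, S, 5000, ACK)),
    (0.100, _frame(C1, 40000, S, 5000, PSHACK, b"REQ 1")),
    (0.300, _frame(S, 5000, C1, 40000, PSHACK, b"RESP 1")),
    (0.400, _frame(C1, 40000, S, 5000, FINACK)),
    (0.401, _frame(S, 5000, C1, 40000, FINACK)),
    (0.500, b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28),  # ARP frame, skipped
    (1.000, _frame(C2, 40001, S, 5000, SYN)),            # conversation 2: two
    (1.001, _frame(S, 5000, C2, 40001, SYNACK)),         # requests, two responses
    (1.002, _frame(C2, 40001, S, 5000, ACK)),
    (1.500, _frame(C2, 40001, S, 5000, PSHACK, b"REQ 2")),
    (1.600, _frame(C2, 40001, S, 5000, PSHACK, b"REQ 3")),
    (1.900, _frame(S, 5000, C2, 40001, PSHACK, b"RESP 2")),
    (1.950, _frame(S, 5000, C2, 40001, PSHACK, b"RESP 3")),
    (2.500, _frame(C2, 40001, S, 5000, FINACK)),
    (2.501, _frame(S, 5000, C2, 40001, FINACK)),
])

if __name__ == "__main__":
    for payload_only in (True, False):
        print("payload_only =", payload_only, summarise(conversation_stats(SAMPLE_PCAP, payload_only)))
```

On the sample, the payload-only view gives 2 and 4 packets with durations of 0.2 s and 0.45 s, while counting every segment gives 7 and 9 packets and durations of 0.401 s and 1.501 s, which is exactly the skew the question complains about. For a real dump, replace `SAMPLE_PCAP` with `open("dump.pcap", "rb").read()`; the parser only handles Ethernet-encapsulated IPv4, so captures on other link types or with VLAN tags need the offsets adjusted. If you would rather stay with Wireshark's tooling, tshark's conversation table accepts a display filter that restricts which packets build it, so `tshark -r dump.pcap -q -z conv,tcp,tcp.len>0` prints per-conversation frame counts and durations computed from payload-bearing segments only.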