Ethereal-users: RE: [Ethereal-users] Re: tethereal vs ethereal functionality

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Niklas Abrahamsson (KI/EAB)" <niklas.abrahamsson@xxxxxxxxxxxx>
Date: Wed, 19 Oct 2005 14:25:12 +0200
Thanks for all the tips!

I've just tried using the -R "not frame" but that only resulted in me not getting any values except 0 for all stats I tried to get. I do get stats using -q though.

Not sure if this may have something to do with the problem I'm having getting any stats for the average packet size using:

-z "io,stat,100,AVG(frame.pkt_len)frame.pkt_len"

It seems as if it disregards any filter I attach. Anyone know what I'm doing wrong here?

I did find the plen,tree syntax to get packet length distribution though thanks to your tips. Is it possible in any way to set the interval to any other settings than the default ones?

Thanks yet again,

Nicklas


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of ronnie sahlberg
Sent: 19 October 2005 12:00
To: Ethereal user support
Subject: [Ethereal-users] Re: tethereal vs ethereal functionality


See the man page for tethereal


Try
tethereal -r capture_file.cap -R "not frame" -z conv,tcp

for statistics on number of packets in each direction for each tcp socket pair.


try -z  with no extra parameter for a list of available stat types.

try -z conv,    for a help screen with which conversation statistics
are available.


On 10/19/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> To suppress the output of the packet summary lines to the output you
> can use the  -q  parameter.
> Older versions of tethereal I believe had issues with -q and it did not
> work properly.
>
> I usually use  -R "not frame"    instead of -q as a habit instead.
>
> Either of these two options will make tethereal only print the (if any)
> -z statistics once it has reached the end of the capture file.
>
>
> Most of the statistics in ethereal have a counterpart in tethereal
> using the -z parameter.
>
> The difference between ethereal and tethereal is that the first
> requires interaction while the second often can be used successfully
> in scripts and batch jobs.
>
>
>
> On 10/19/05, Niklas Abrahamsson (KI/EAB)
> <niklas.abrahamsson@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> > I've posted before about using tethereal for some analysis based on
> > tcpdump-files from a network. While playing around with ethereal and
> > tethereal I realised that I don't know what the difference between the two
> > programs is or if there even is one? That was just something I took for
> > granted that there was no difference.
> >
> > I've been trying to do something very simple to start with in tethereal and
> > that is to get the average packet size from a dump and save the results to a
> > file. However what I get is basically a copy of the dump-file since tethereal
> > prints the packets to the file and not the result of the statistic query. How
> > would I do to only get the statistics written?
> >
> > The next step I wanted to go exploring is to get an output of the usage of
> > different ports by the captured packets. I guess just to count the number of
> > times all ports are used and save the results to a file. Is this possible?
> >
> > Thanks in advance,
> >
> > Nicklas
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
>

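As an added example (not part of the thread and not Ethereal project code): the two figures asked for in the original question, average packet size and per-port packet counts, computed directly from a classic libpcap file such as tcpdump writes. The function names and the three-packet sample capture are constructed for illustration, and only Ethernet II/IPv4 frames are decoded for ports.

```python
import struct
from collections import Counter

def pcap_stats(data):
    """Return (packets, average on-the-wire length, Counter of (proto, port))."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if e is None:                    # byte order is taken from the magic number
        raise ValueError("not a classic libpcap file")
    if len(data) < 24 or struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    pos, packets, wire_bytes, ports = 24, 0, 0, Counter()
    while pos + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(e + "4I", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break                    # file cut off mid-record: stop counting
        pos += 16 + incl_len
        packets += 1
        wire_bytes += orig_len       # wire length, not the snaplen-truncated one
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                 # not Ethernet II + IPv4: size only, no ports
        l4 = 14 + (frame[14] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        if proto and fragment_offset == 0 and len(frame) >= l4 + 4:
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            ports[(proto, sport)] += 1
            ports[(proto, dport)] += 1
    return packets, (wire_bytes / packets if packets else 0.0), ports

def _frame(proto, sport, dport, pad):
    """Constructed Ethernet/IPv4 frame: ports followed by `pad` zero bytes."""
    l4 = struct.pack("!HH", sport, dport) + bytes(pad)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return bytes(12) + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed three-packet capture; the second packet is truncated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 100, 1)
    for frame, orig_len in [(_frame(6, 40000, 80, 22), 60),
                            (_frame(6, 80, 40000, 62), 160),
                            (_frame(17, 5353, 53, 42), 80)]:
        out += struct.pack("<4I", 0, 0, len(frame), orig_len) + frame
    return out

if __name__ == "__main__":
    packets, average, ports = pcap_stats(sample_pcap())
    print(packets, "packets, average", average, "bytes;", ports.most_common())
```

The average uses each record's original length field, so a capture taken with a short snapshot length still reports wire sizes rather than truncated ones.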