Wireshark-bugs: [Wireshark-bugs] [Bug 3498] Enhancement for protocol validation with tshark
Date: Thu, 28 May 2009 22:38:05 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3498





--- Comment #1 from Sake <sake@xxxxxxxxxx>  2009-05-28 22:38:01 PDT ---
Hi Bryant,

Would the following suit your need as well?

tshark -r sharkfest-1.cap -R expert -T fields -e expert
Expert Info (Chat/Sequence): Connection establish request (SYN): server port http
Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http
Expert Info (Error/Checksum): Bad checksum
Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n
Expert Info (Error/Checksum): Bad checksum
Expert Info (Error/Checksum): Bad checksum
Expert Info (Error/Checksum): Bad checksum
Expert Info (Warn/Sequence): Previous segment lost (common at capture start)
[...]

Or "tshark -r sharkfest-1.cap -R expert -T fields -e expert | sort | uniq -c |
sort -rn | head" for a top10 list?

$ tshark -r sharkfest-1.cap -R expert -T fields -e expert | sort | uniq -c | sort -rn | head
    660 Expert Info (Error/Checksum): Bad checksum
    163 Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http
    161 Expert Info (Chat/Sequence): Connection establish request (SYN): server port http
    128 Expert Info (Chat/Sequence): Connection finish (FIN)
    103 Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n
     39 Expert Info (Warn/Sequence): Previous segment lost (common at capture start)
     34 Expert Info (Note/Sequence): Retransmission (suspected)
     23 Expert Info (Note/Sequence): Duplicate ACK (#1)
     12 Expert Info (Chat/Sequence): HTTP/1.1 302 Found\r\n
      9 Expert Info (Chat/Sequence): HTTP/1.1 304 Not Modified\r\n

I have not looked at your patch yet; if it does add functionality that can't be
achieved this way, I'll definitely have a look at it :-)

Cheers,
     Sake
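
A variation on the pipeline in the message above, as an added example that is not part of the original message or of the Wireshark project: it groups the same expert-info lines by severity and group, drops everything below a chosen severity, and folds numbered messages such as "Duplicate ACK (#1)" into one row. The function names, the sample lines and the one-item-per-line input are assumptions.

```shell
#!/bin/sh
# Added example: roll up tshark expert-info lines by severity and group.
# stdin: one "Expert Info (Severity/Group): message" line per item, in the
# format printed by the command in the message above (assumed input shape).

# expert_summary [MIN]  -- MIN is Chat, Note, Warn or Error (default Note).
# Prints tab-separated "count severity group message", worst severity first.
expert_summary() {
    min="${1:-Note}"
    case "$min" in
        Chat|Note|Warn|Error) ;;
        *) echo "unknown severity: $min" >&2; return 2 ;;
    esac
    tab="$(printf '\t')"
    LC_ALL=C awk -v min="$min" '
        BEGIN { rank["Chat"] = 1; rank["Note"] = 2; rank["Warn"] = 3; rank["Error"] = 4 }
        # Lines without the expert-info label (blank lines, noise) are ignored.
        match($0, /^Expert Info \([A-Za-z]+\/[A-Za-z]+\): /) {
            split(substr($0, 14, RLENGTH - 16), part, "/")   # Severity, Group
            sev = part[1]; grp = part[2]
            if (!(sev in rank) || rank[sev] < rank[min]) next
            msg = substr($0, RLENGTH + 1)
            gsub(/#[0-9]+/, "#N", msg)   # fold "Duplicate ACK (#1)", "(#2)", ...
            count[rank[sev] "\t" sev "\t" grp "\t" msg]++
        }
        END { for (k in count) { split(k, f, "\t")
                  printf "%s\t%d\t%s\n", f[1], count[k], substr(k, length(f[1]) + 2) } }
    ' | LC_ALL=C sort -t "$tab" -k1,1nr -k2,2nr | cut -f2-
}

# Constructed sample input (not taken from a real capture).
sample_expert_lines() {
    cat <<'EOF'
Expert Info (Chat/Sequence): Connection establish request (SYN): server port http
Expert Info (Error/Checksum): Bad checksum
Expert Info (Note/Sequence): Duplicate ACK (#1)
Expert Info (Error/Checksum): Bad checksum
Expert Info (Note/Sequence): Duplicate ACK (#2)
Expert Info (Warn/Sequence): Previous segment lost (common at capture start)
Expert Info (Note/Sequence): Retransmission (suspected)
Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n
not an expert line
EOF
}

sample_expert_lines | expert_summary Note
```

Against a capture, feed it the output of the tshark command from the message, for example `... -T fields -e expert | expert_summary Warn`.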

