Wireshark-dev: [Wireshark-dev] New date format for the iostat dissector to merge multiple files
Hello,
This patch provide new date formats for the statistics generated with
tshark.
If you are capturing multiple files, you can merge the stats to generate a
gnuplot graph.
The format of the date is determined with the "-t" option. The default
format is the relativ one.
For relative: (./tshark -q -t r -z"io,stat,60,tcp" -r data.cap.gz)
Time |frames| bytes
000.000-060.000 742 51660
060.000-120.000 887 73599
For delta: (./tshark -q -t d -z"io,stat,60,tcp" -r data.cap.gz)
Time |frames| bytes
000.000 742 51660
060.000 887 73599
For absolute: (./tshark -q -t a -z"io,stat,60,tcp" -r data.cap.gz)
Time |frames| bytes
13:28:53 742 51660
13:29:53 887 73599
For absolute with date: (./tshark -q -t ad -z"io,stat,60,tcp" -r
data.cap.gz)
Time |frames| bytes
2006-07-12 13:28:53 742 51660
2006-07-12 13:29:53 887 73599
If you are using the absolute format, you can generate the stats for
several capture files, and make a merge of the results.
./tshark -q -t a -z"io,stat,60,tcp" -r data01.cap.gz > data01.nsv
../..
./tshark -q -t a -z"io,stat,60,tcp" -r data99.cap.gz > data99.nsv
Then you merge:
ls data*.nsv | sort | xargs cat | egrep "^[00-24]" > data.nsv
And you generate the graph:
gnuplot> set grid
gnuplot> set autoscale
gnuplot> set timefmt "%H:%M:%S"
gnuplot> set xdata time
gnuplot> set xlabel "Time measurement"
gnuplot> set ylabel "Number of messages"
gnuplot> plot "data.nsv" using 1:2 title 'Messages' with lines lt 1
(See attached file: tap-iostat.c.diff.gz)
Regards
Florent
Attachment:
tap-iostat.c.diff.gz
Description: Binary data
