Hi: I am looking for some urgent help with TSHARK—can you
help or point me in the right direction?

[1] I run tshark on captured data to produce the protocol
stats shown below. My command line is:

tshark -r dump.dmp -zio,phs > out.tshark

[2] TSHARK produces the hierarchy shown below—but I am
confused by the hierarchy. Particularly, the different levels of X11
traffic are proving difficult to reconcile with other tools like
WildPackets. Can you give me some guidance on interpretation?

[3] Also, I am trying to get an accurate view of CIFS
data. It’s not clear from looking at these data what our CIFS
content is.

[4] I am trying to extract packet sizes in addition to frame
sizes. How do I do this?

===================================================================
Protocol Hierarchy Statistics
Filter: frame

frame frames:108460 bytes:100665613
eth frames:108460 bytes:100665613
ip frames:108421 bytes:100662280
tcp frames:105535 bytes:99888046
data frames:65388 bytes:96299758
ssh frames:640 bytes:235392
x11 frames:3618 bytes:420780
x11 frames:471 bytes:119050
x11 frames:276 bytes:94568
x11 frames:226 bytes:87624
x11 frames:136 bytes:73200
x11 frames:121 bytes:70502
x11 frames:109 bytes:67630
x11 frames:98 bytes:65308
x11 frames:82 bytes:60664
x11 frames:73 bytes:58298
x11 frames:66 bytes:56036
x11 frames:59 bytes:53742
x11 frames:54 bytes:50820
...x11 frames:53 bytes:50338
...x11 frames:53 bytes:50338
...x11 frames:51 bytes:49446
...x11 frames:50 bytes:48868
...x11 frames:48 bytes:47860
...x11 frames:46 bytes:46576
...x11 frames:45 bytes:46206
...x11 frames:42 bytes:44088
...x11 frames:42 bytes:44088
...x11 frames:40 bytes:42788
...x11 frames:40 bytes:42788
...x11 frames:40 bytes:42788
...x11 frames:40 bytes:42788
...x11 frames:37 bytes:40530
...x11 frames:35 bytes:39414
...x11 frames:35 bytes:39414
...x11 frames:35 bytes:39414
...x11 frames:35 bytes:39414
...x11 frames:34 bytes:38488
...x11 frames:34 bytes:38488
...x11 frames:34 bytes:38488
...x11 frames:34 bytes:38488
...x11 frames:34 bytes:38488
...x11 frames:32 bytes:36448
...x11 frames:32 bytes:36448
...x11 frames:32 bytes:36448
...x11 frames:32 bytes:36448
...x11 frames:32 bytes:36448
...x11 frames:31 bytes:34934
...x11 frames:31 bytes:34934
...x11 frames:30 bytes:33568
...x11 frames:19 bytes:23214
...x11 frames:17 bytes:20194
...x11 frames:17 bytes:20194
...x11 frames:8 bytes:12112
...x11 frames:7 bytes:10598
...x11 frames:7 bytes:10598
...x11 frames:7 bytes:10598
...x11 frames:6 bytes:9084
...x11 frames:5 bytes:7570
...x11 frames:4 bytes:6056
...x11 frames:4 bytes:6056
...x11 frames:4 bytes:6056
...x11 frames:4 bytes:6056
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:3 bytes:4542
...x11 frames:2 bytes:3028
...x11 frames:1 bytes:1514
dcerpc frames:296 bytes:93139
mapi frames:6 bytes:1080
epm frames:6 bytes:1248
drsuapi frames:8 bytes:1744
rpc_netlogon frames:4 bytes:3320
tcp.segments frames:74 bytes:54370
x11 frames:25 bytes:31750
x11 frames:24 bytes:30236
x11 frames:20 bytes:26372
x11 frames:19 bytes:24858
x11 frames:17 bytes:21898
x11 frames:16 bytes:20384
x11 frames:15 bytes:18870
x11 frames:15 bytes:18870
x11 frames:15 bytes:18870
x11 frames:14 bytes:18524
x11 frames:14 bytes:18524
x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:14 bytes:18524
...x11 frames:12 bytes:17200
...x11 frames:12 bytes:17200
...x11 frames:11 bytes:15686
...x11 frames:10 bytes:14172
...x11 frames:9 bytes:12658
...x11 frames:9 bytes:12658
...x11 frames:9 bytes:12658
...x11 frames:9 bytes:12658
...x11 frames:9 bytes:12658
...x11 frames:9 bytes:12658
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:8 bytes:11264
...x11 frames:7 bytes:9750
...x11 frames:6 bytes:8236
...x11 frames:6 bytes:8236
...x11 frames:6 bytes:8236
...x11 frames:5 bytes:6722
...x11 frames:4 bytes:5656
...x11 frames:3 bytes:4142
...x11 frames:2 bytes:3028
...x11 frames:2 bytes:3028
...x11 frames:2 bytes:3028
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
...x11 frames:1 bytes:1514
http frames:7 bytes:4559
data-text-lines frames:5 bytes:4244
nbss frames:25 bytes:14234
smb frames:25 bytes:14234
pipe frames:2 bytes:212
dcerpc frames:2 bytes:212
spoolss frames:2 bytes:212
ldap frames:2 bytes:745
ldap frames:1 bytes:613
kerberos frames:2 bytes:292
rpc frames:13 bytes:2790
ypserv frames:11 bytes:2530
nfs frames:1 bytes:110
portmap frames:1 bytes:150
rpc frames:96 bytes:17252
nfs frames:49 bytes:9190
portmap frames:30 bytes:3356
ypserv frames:15 bytes:2826
rpc frames:1 bytes:1414
rpc frames:1 bytes:1414
rpc frames:1 bytes:1414
portmap frames:1 bytes:1414
rlogin frames:2 bytes:1947
nbss frames:481 bytes:88517
smb frames:475 bytes:88025
dcerpc frames:10 bytes:2116
spoolss frames:2 bytes:596
pipe frames:22 bytes:6508
dcerpc frames:20 bytes:4232
spoolss frames:20 bytes:4232
dcerpc.cn_deseg_req frames:2 bytes:2276
ldap frames:19 bytes:4612
ymsg frames:4 bytes:665
http frames:78 bytes:61919
data-text-lines frames:3 bytes:2228
image-gif frames:2 bytes:766
xml frames:1 bytes:902
imap frames:8 bytes:749
ssl frames:2 bytes:182
rsh frames:36 bytes:5601
ucp frames:1 bytes:361
msnms frames:2 bytes:120
icmp frames:41 bytes:3882
udp frames:2620 bytes:429702
rpc frames:2106 bytes:350320
nfs frames:1904 bytes:324828
ypserv frames:188 bytes:24100
portmap frames:6 bytes:504
mount frames:8 bytes:888
dns frames:83 bytes:10073
nbns frames:5 bytes:466
syslog frames:284 bytes:56483
data frames:80 bytes:5184
snmp frames:52 bytes:5488
cldap frames:2 bytes:438
nbdgm frames:2 bytes:486
smb frames:2 bytes:486
mailslot frames:2 bytes:486
browser frames:2 bytes:486
rip frames:2 bytes:252
lmp frames:2 bytes:228
lwres frames:2 bytes:284
data frames:225 bytes:340650
arp frames:29 bytes:1740
llc frames:9 bytes:1533
stp frames:4 bytes:240
ddp frames:1 bytes:60
rtmp frames:1 bytes:60
cdp frames:3 bytes:1147
hpext frames:1 bytes:86
hpsw frames:1 bytes:86
loop frames:1 bytes:60
data frames:1 bytes:60