Wireshark-users: Re: [Wireshark-users] top talkers by port usage or SYN attempts - ericsson error
jacob c wrote:
I appreciate the info. I have actually taken several captures now on
individual vlans and have located the top talkers. I also tried the
tshark command you mentioned below without success. I get the "ericsson
error" as show below. Here is what happens:
C:\Program Files\Wireshark>
Oops, cmd.exe, not a UN*X shell, so Sake's command won't work exactly.
If you have Cygwin installed, you could try it from Cygwin.
tshark -r c:\captures\0_0-10mins -T fields -e
ip.src
"tcp.flags.syn==1 &&
Could not open file: 'Ericsson.xml', error: No such file or directory
tshark: Unexpected end of filter string.
The "ericsson error" isn't the real problem. The real problem is the
"Unexpected end of filter string"; that command isn't complete.
The complete tshark command would be
tshark -r c:\captures\0_0-10mins -T fields -e ip.src "tcp.flags.syn==1
&& tcp.flags.ack==0"
on *one* command line (I don't know whether cmd.exe supports commands
split across multiple command lines the way UN*X shells do.
However, the rest of his command, namely the
| sort | uniq -c | sort -rn | head
part, is a bit trickier; cmd.exe *does* support pipes (and I suspect it
supports them using Win32 pipes, rather than the old "run the commands
one at a time, save the output of command N to a file, and use that file
as input to command N+1" hack that the MS-DOS command prompt did, due to
DOS being a single-tasking system), but Windows doesn't come with those
other commands.
As noted, Cygwin would include those commands.
