Wireshark-users: [Wireshark-users] wireshark statistic function (sum)
Date: Tue, 8 Apr 2008 14:16:36 +0200

Hello @all,

I need help regarding the Wireshark statistics function. I would like to analyze the TCP retransmissions in relation to time. Therefore I wrote a script with the following command:

tshark -r example.pcap -qz io,stat,1,0,sum(tcp.analysis.retransmission)"ip.addr==10.10.10.10" > stat.txt

The first issue: There is a difference between “sum()” and “SUM()”:

tshark: tcp.analysis.retransmission doesn't have integral values, so SUM(*) calculations are not supported on it.

…with “sum()” and tshark 0.99.7 I got some stats.

The second issue: Releases 0.99.8 and 1.0 work with neither “sum()” nor “SUM()”:

tshark: Couldn't register io,stat tap: Filter "sum(tcp.analysis.retransmission)ip.addr==10.10.10.10" is invalid - Syntax error.

Could anybody help me or explain this issue?

Regards,

Michael