Wireshark-users: Re: [Wireshark-users] Capture the time where no troughput is present
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Ian Schorr <ian.schorr@xxxxxxxxx>
Date: Mon, 6 Jul 2009 22:11:37 +1000
Take one of your captures and run:

tshark -r <capture file> -z io,stat,1

...Assuming "tshark" is in your path, or you know where tshark is installed on your system and running tshark appropriately.

Does that give you what you want?  You should be able to easily parse it, import the output into Excel, etc.  The "1" here is the sample period (in seconds) that you want stats for.  You could easily use ".5" or "7" seconds if you wanted instead.  And you can add a ,<filter> to the end of the command if you only want stats meeting a particular criteria (like only traffic to/from a certain address).  See the tshark man page for more details.

You can also generate these stats live, real-time, while capturing...Though be careful of any extra load that might cause you to drop packets and skew your results.