Wireshark-users: Re: [Wireshark-users] Capture the time where no troughput is present
From: Lutti Hautameki <bowkatz@xxxxxxxxx>
Date: Tue, 7 Jul 2009 08:59:34 +0200
Hello Ian,
you solved my problem, thank you very much!!

 
2009/7/6, Ian Schorr <ian.schorr@xxxxxxxxx>:
Take one of your captures and run:

tshark -r <capture file> -z io,stat,1
 

...Assuming "tshark" is in your path, or you know where tshark is installed on your system and running tshark appropriately.

Does that give you what you want?  You should be able to easily parse it, import the output into Excel, etc.  The "1" here is the sample period (in seconds) that you want stats for.  You could easily use ".5" or "7" seconds if you wanted instead.  And you can add a ,<filter> to the end of the command if you only want stats meeting a particular criteria (like only traffic to/from a certain address).  See the tshark man page for more details.

You can also generate these stats live, real-time, while capturing...Though be careful of any extra load that might cause you to drop packets and skew your results.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe