Wireshark-users: Re: [Wireshark-users] Export TCP Stream - RTT Graph Data
From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Wed, 8 Jul 2009 05:58:08 -0700
Thanks Joan, the link is using the tshark command I have tried, which outputs tcp.analysis.ack_rtt.

The output does not match the TCP Stream Graph RTT at all. In my capture, the RTT is on the order of 25 msec and the RTT tshark output is less than 1 msec in general.

Can anyone else help to clarify this?

Thanks

Barry

Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 301-325-7069

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
Sent: Wednesday, July 08, 2009 7:01 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 38, Issue 9

Today's Topics:

   1. Export TCP Stream - RTT Graph Data (Barry Constantine)
   2. Re: Export TCP Stream - RTT Graph Data (j.snelders@xxxxxxxxxx)
   3. Auto refresh of the open file (Kranthi Kiran Sistla)
   4. Re: Ubuntu Linux: How to load SNMP mibs? (Peter Valdemar Mørch (Lists))
   5. Re: Ubuntu Linux: How to load SNMP mibs? (Peter Valdemar Mørch (Lists))
   6. Re: Ubuntu Linux: How to load SNMP mibs? (Jaap Keuter)

----------------------------------------------------------------------

Message: 1
Date: Tue, 7 Jul 2009 12:20:20 -0700
From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Subject: [Wireshark-users] Export TCP Stream - RTT Graph Data
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <6ECE57DF49376146B91A92A3C37EFC0E08EC434E@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hello,

Is there a way to export the TCP Stream - RTT graph data to a text file?

Thanks,

Barry

Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 301-325-7069

------------------------------

Message: 2
Date: Tue, 7 Jul 2009 21:44:43 +0200
From: j.snelders@xxxxxxxxxx
Subject: Re: [Wireshark-users] Export TCP Stream - RTT Graph Data
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <49EC7C4A00045660@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"

Hi Barry,

Please take a look at this message:
http://www.wireshark.org/lists/wireshark-users/200901/msg00066.html

Hope it helps you too.
Joan

On Tue, 7 Jul 2009 12:20:20 -0700 Barry Constantine wrote
>Is there a way to export the TCP Stream - RTT graph data to a text file?
>
>Thanks,
>
>Barry
>
>Principal Member of Technical Staff
>JDSU Communication Test (formerly Acterna)
>Emerging Markets and Technology Research
>One Milestone Center Court
>Germantown, MD 20876
>(W) 240-404-2227
>(C) 301-325-7069

------------------------------

Message: 3
Date: Wed, 8 Jul 2009 11:57:02 +0530
From: Kranthi Kiran Sistla <s.kranthi@xxxxxxxxx>
Subject: [Wireshark-users] Auto refresh of the open file
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <f7b328170907072327h1e99b1c5i1060c581d42c9c86@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hello All,

I have the following problem that I am trying to work out with the help of Wireshark:

1. I have log files that keep getting updated with SS7 traces being captured on ATM links.
2. Using text2pcap the files are being processed and viewed in Wireshark.

As the files keep getting updated dynamically, I am required to process the log files every few minutes to view the latest messages.

Can anybody suggest if there is any way Wireshark can refresh the opened file automatically whenever the contents change, or if there is any workaround to achieve the same effect instead of manually refreshing using CTRL+R?

Note: I am currently using Wireshark Version 1.2.0 (SVN Rev 28753)

Thanks for your time.

------------------------------

Message: 4
Date: Wed, 08 Jul 2009 08:55:15 +0200
From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <4A5442D3.2070509@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

Jaap Keuter jaap.keuter-at-xs4all.nl |Lists| wrote:
> Is your version of Wireshark built with libsmi support? You can check
> that on the about wireshark dialog.

Thanks for the reply. Yup. That was it. About says:
"Compiled ... without SMI"

Building wireshark *with* SMI made it work. I therefore suggest that there is a bug in SNMP preferences:

For future reference: To build a local version of wireshark *with* SMI support on ubuntu intrepid, I did the following:

$ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
$ sudo apt-get build-dep wireshark
$ mkdir wireshark
$ cd wireshark
$ apt-get source wireshark
$ cd wireshark-1.0.3
$ dpkg-buildpackage -rfakeroot -b -uc
$ cd ..
$ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
    wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
    wireshark_1.0.3-1ubuntu2.2_i386.deb

(I did get it to work, and looking through my shell history, these are the relevant commands. It is possible I forgot to mention something, though)

>
> Thanx,
> Jaap
>
> Sent from my iPhone
>
> On 7 jul 2009, at 08:43, "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxx
> m> wrote:
>
>> I'd like to display SNMP information symbolically, and so I'll need to
>> load mibs.
>>
>> But I haven't found where to do that in Wireshark 1.0.3 on Ubuntu
>> Intrepid (i386).
>>
>> "Preferences -> Protocols -> SNMP" says: "MIB settings can be
>> changed in
>> the Name Resolution preferences"
>>
>> However
>>
>> "Preferences -> Name Resolution" has no mention of SNMP or SMI at all.
>> (Even though numerous mailing list posts also suggest this is where to
>> configure it)
>>
>> Does anybody know how I can get wireshark to show ifInOctets.34
>> instead
>> of .1.3.1<bla bla bla> by loading MIBs under ubuntu?
>>
>> Peter
>>
>> More information:
>>
>> All my MIBs are in /usr/share/snmp/mibs (the standard place on
>> ubuntu/debian for SNMP MIBs). I've tried installing all these
>> packages:
>>
>> libsmi2-common   0.4.7+dfsg-0.1
>> libsmi2-dev      0.4.7+dfsg-0.1
>> libsmi2ldbl      0.4.7+dfsg-0.1
>> libsnmp-base     5.4.1~dfsg-7.1ubuntu6.1
>> libsnmp15        5.4.1~dfsg-7.1ubuntu6.1
>> snmp             5.4.1~dfsg-7.1ubuntu6.1
>>
>> Which means I should have both NET-SNMP and libsmi installed.
>>
>> This article suggests libsmi.
>> http://article.gmane.org/gmane.network.wireshark.user/4330/match=mibs
>> So I installed libsmi2-common libsmi2-dev and libsmi2ldbl. No joy.
>>
>> This post also mentions "Preferences->Name Resolution->SMI (MIB and
>> PIB)
>> paths" and suggests putting mibs in C:\Program Files\Wireshark\snmp
>> \mibs:
>> http://article.gmane.org/gmane.network.wireshark.user/6039/match=mibs
>> So I tried:
>> $ mkdir -p ~/.wireshark/snmp/mibs
>> $ cp /usr/share/snmp/mibs/* ~/.wireshark/snmp/mibs/
>> No joy. (Don't know where else to try)
>>
>> --
>> Peter Valdemar Mørch
>> http://www.morch.com

--
Peter Valdemar Mørch
http://www.morch.com

------------------------------

Message: 5
Date: Wed, 08 Jul 2009 10:40:59 +0200
From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <4A545B9B.9060005@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Aarrrhhh, I wish I'd read my prior post through one more time. Sorry.

Peter Valdemar Mørch (Lists) wrote:
> Building wireshark *with* SMI made it work. I therefore suggest that
> there is a bug in SNMP preferences:

, that currently say: "MIB settings can be changed in the Name Resolution preferences". If not built with SMI, I suggest that message should be: "MIB settings are not possible, because Wireshark was not built with SMI support"

The rest is ubuntu/debian specific:

> For future reference: To build a local version of wireshark *with* SMI
> support on ubuntu intrepid, I did the following:
>
> $ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
> $ sudo apt-get build-dep wireshark
> $ mkdir wireshark
> $ cd wireshark
> $ apt-get source wireshark
> $ cd wireshark-1.0.3

At this point, I had to bump the version of the package. Otherwise ubuntu would insist on upgrading my newly built package.

So I patched debian/changelog with (proper patch as attachment):

--- orig.changelog 2009-07-08 09:50:38.000000000 +0200 +++ changelog 2009-07-08 09:50:16.000000000 +0200
@@ -1,3 +1,9 @@ +wireshark (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low + + * Built with libsmi + + -- Peter Valdemar M?rch <peter@xxxxxxxxx> Wed, 8 Jul 2009 09:29:40 +0100 + wireshark (1.0.3-1ubuntu2.2) intrepid-security; urgency=low * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark 0.99.7

> $ dpkg-buildpackage -rfakeroot -b -uc
> $ cd ..
> $ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
>     wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
>     wireshark_1.0.3-1ubuntu2.2_i386.deb

Now, the record should be straight! :-)

Peter
--
Peter Valdemar Mørch
http://www.morch.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: changelog.patch
Type: text/x-patch
Size: 422 bytes
Desc: not available
Url : http://www.wireshark.org/lists/wireshark-users/attachments/20090708/8595469e/attachment.bin

------------------------------

Message: 6
Date: Wed, 8 Jul 2009 13:00:33 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <EE5481A1-E620-4A48-A031-1A482C638C8B@xxxxxxxxx>
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes

Hi,

FYI: newer versions of the source code have improved Debian packaging support. I'm not sure from which point on (1.0.8 I guess), you can do 'make debian-package' to start the package build.

Thanx,
Jaap

Sent from my iPhone

On 8 jul 2009, at 10:40, "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxx
m> wrote:

> Aarrrhhh, I wish I'd read my prior post through one more time. Sorry.
>
> Peter Valdemar Mørch (Lists) wrote:
>> Building wireshark *with* SMI made it work. I therefore suggest
>> that there is a bug in SNMP preferences:
> , that currently say: "MIB settings can be changed in the Name
> Resolution preferences". If not built with SMI, I suggest that
> message should be: "MIB settings are not possible, because Wireshark
> was not built with SMI support"
>
> The rest is ubuntu/debian specific:
>
>> For future reference: To build a local version of wireshark *with*
>> SMI support on ubuntu intrepid, I did the following:
>> $ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
>> $ sudo apt-get build-dep wireshark
>> $ mkdir wireshark
>> $ cd wireshark
>> $ apt-get source wireshark
>> $ cd wireshark-1.0.3
>
> At this point, I had to bump the version of the package. Otherwise
> ubuntu would insist on upgrading my newly built package.
>
> So I patched debian/changelog with (proper patch as attachment):
>
> --- orig.changelog 2009-07-08 09:50:38.000000000 +0200 > +++ changelog 2009-07-08 09:50:16.000000000 +0200
> @@ -1,3 +1,9 @@ > +wireshark (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low > + > + * Built with libsmi > + > + -- Peter Valdemar M?rch <peter@xxxxxxxxx> Wed, 8 Jul 2009 09:29:4 > 0 +0100 > + > wireshark (1.0.3-1ubuntu2.2) intrepid-security; urgency=low > > * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark > 0.99.7
>
>> $ dpkg-buildpackage -rfakeroot -b -uc
>> $ cd ..
>> $ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
>>     wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
>>     wireshark_1.0.3-1ubuntu2.2_i386.deb
>
> Now, the record should be straight! :-)
>
> Peter
> --
> Peter Valdemar Mørch
> http://www.morch.com
> --- orig.changelog 2009-07-08 09:50:38.000000000 +0200 +++ changelog > 2009-07-08 09:50:16.000000000 +0200 @@ -1,3 +1,9 @@ +wireshark > (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low + + * Built with libsmi > + + -- Peter Valdemar M?rch Wed, 8 Jul 2009 09:29:40 +0100 + wiresha > rk (1.0.3-1ubuntu2.2) intrepid-security; urgency=low * SECURITY UPDA > TE: packet-usb.c in the USB dissector in Wireshark 0.99.7

------------------------------

End of Wireshark-users Digest, Vol 38, Issue 9
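
Review bot: the new top entry in debian/changelog sets the package version to 1.0.3-1ubuntu2.2.0.1, but the dpkg -i commands quoted after the hunk still name the 1.0.3-1ubuntu2.2 .deb files. dpkg-buildpackage takes the version from the top changelog entry, so the install step should name the files carrying the bumped version. In the same entry, the trailer date (09:29:40 +0100) uses a different UTC offset from the +0200 in the diff's file headers and so falls after the 09:50 file timestamps; the trailer should carry the local offset. The entry also moves the distribution from intrepid-security to intrepid and says only "Built with libsmi"; stating that this is a local rebuild of the 1.0.3-1ubuntu2.2 security update would make the origin of the package clear.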