Wireshark-users: [Wireshark-users] print number of packet based on filter in a file
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Manolis Katsidoniotis" <manoska@xxxxxxxxx>
Date: Fri, 25 Sep 2009 00:14:52 +0300

Hello

 

I have a large capture file and would like to print the number of packets that apply to the below display filters:

megaco.command == "Add"

megaco.command == "Modify”

megaco.command == "Subtract"

 

I am entering

 

tshark -r F:\Temp\bang_cont_00001_20090626194720.pcap -q -z io,stat,600,megaco.command=="Add"

 

but I get the total number of packets not the megaco add commands (which is what I had in the filter)

 

C:\Program Files\Wireshark>tshark -r F:\Temp\bang_cont_00001_20090626194720.pcap -q -z io,stat,600,megaco.command=="Add"

NOTE: you should run 'diskperf -y' to enable the disk statistics

 

===================================================================

IO Statistics

Interval: 600.000 secs

Column #0:

                |   Column #0

Time            |frames|  bytes

000.000-600.000   48110  25445310

===================================================================

 

 

48110 is the number of total captured frames

Instead when I apply the display the number of packets selected is 16107

 

Looks like my filter is not working.

 

What am I doing wrong?

 

Thanks in advance for your time

Manolis