Wireshark-users: Re: [Wireshark-users] print number of packet based on filter in a file
hi
thanks,, it worked beautifully also with combinations
another quicky
in case you happen to have an opinion
I have a huge amount of files of 80MB each and I wish to create total statistics about add/modify/... etc, etc,
should I merge all files in one large (~5GB) file and then run tshark against it or should I create a batch script store the results in .csv and use Excel?
br
Manolis
On Fri, Sep 25, 2009 at 7:07 AM, j.snelders
<j.snelders@xxxxxxxxxx> wrote:
Hi Manolis
Do you use the , as decimal symbol?
You have to use the . as decimal symbol.
Please check
Settings -> Control Pannel -> Regional And Language Options
Regards
Joan
On Date: Fri, 25 Sep 2009 00:14:52 +0300 Manolis Katsidoniotis wrote
>Hello
>
>
>
>I have a large capture file and would like to print the number of packets
>that apply to the below display filters:
>
>megaco.command == "Add"
>
>megaco.command == "Modify"
>
>megaco.command == "Subtract"
>
>
>
>I am entering
>
>
>
>tshark -r F:\Temp\bang_cont_00001_20090626194720.pcap -q -z
>io,stat,600,megaco.command=="Add"
>
>
>
>but I get the total number of packets not the megaco add commands (which
>is
>what I had in the filter)
>
>
>
>C:\Program Files\Wireshark>tshark -r
>F:\Temp\bang_cont_00001_20090626194720.pcap -q -z
>io,stat,600,megaco.command=="Add"
>
>NOTE: you should run 'diskperf -y' to enable the disk statistics
>
>
>
>===================================================================
>
>IO Statistics
>
>Interval: 600.000 secs
>
>Column #0:
>
> | Column #0
>
>Time |frames| bytes
>
>000.000-600.000 48110 25445310
>
>===================================================================
>
>
>
>
>
>48110 is the number of total captured frames
>
>Instead when I apply the display the number of packets selected is 16107
>
>
>
>Looks like my filter is not working.
>
>
>
>What am I doing wrong?
>
>
>
>Thanks in advance for your time
>
>Manolis
>
>___________________________________________________________________________
>Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives: http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe