Wireshark-users: Re: [Wireshark-users] print number of packet based on filter in a file
From: Manolis Katsidoniotis <manoska@xxxxxxxxx>
Date: Fri, 25 Sep 2009 10:54:28 +0300
hi
 
thanks,, it worked beautifully also with combinations
 
another quicky
in case you happen to have an opinion
 
I have a huge amount of files of 80MB each and I wish to create total statistics about add/modify/... etc, etc,
should I merge all files in one large (~5GB) file and then run tshark against it or should I create a batch script store the results in .csv and use Excel?
 
 
br
Manolis

On Fri, Sep 25, 2009 at 7:07 AM, j.snelders <j.snelders@xxxxxxxxxx> wrote:
Hi Manolis

Do you use the , as decimal symbol?
You have to use the . as decimal symbol.

Please check
Settings -> Control Pannel -> Regional And Language Options

Regards
Joan


On Date: Fri, 25 Sep 2009 00:14:52 +0300 Manolis Katsidoniotis wrote
>Hello
>
>
>
>I have a large capture file and would like to print the number of packets
>that apply to the below display filters:
>
>megaco.command == "Add"
>
>megaco.command == "Modify"
>
>megaco.command == "Subtract"
>
>
>
>I am entering
>
>
>
>tshark -r F:\Temp\bang_cont_00001_20090626194720.pcap -q -z
>io,stat,600,megaco.command=="Add"
>
>
>
>but I get the total number of packets not the megaco add commands (which
>is
>what I had in the filter)
>
>
>
>C:\Program Files\Wireshark>tshark -r
>F:\Temp\bang_cont_00001_20090626194720.pcap -q -z
>io,stat,600,megaco.command=="Add"
>
>NOTE: you should run 'diskperf -y' to enable the disk statistics
>
>
>
>===================================================================
>
>IO Statistics
>
>Interval: 600.000 secs
>
>Column #0:
>
>                |   Column #0
>
>Time            |frames|  bytes
>
>000.000-600.000   48110  25445310
>
>===================================================================
>
>
>
>
>
>48110 is the number of total captured frames
>
>Instead when I apply the display the number of packets selected is 16107
>
>
>
>Looks like my filter is not working.
>
>
>
>What am I doing wrong?
>
>
>
>Thanks in advance for your time
>
>Manolis
>
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe