----- Original Message -----
Sent: Friday, September 25, 2009 10:47
AM
Subject: Re: [Wireshark-users] print
number of packet based on filter in afile
hi,
and another one
that I forgot
in the below
command
D:\temp>tshark
-r trace000.pcap -q -z io,stat,600,megaco.command=="Add",megaco.command=="Subtract"
===================================================================
IO
Statistics
Interval: 600.000 secs
Column #0:
megaco.command==Add
Column #1:
megaco.command==Subtract
| Column
#0 | Column
#1
Time
|frames| bytes |frames| bytes
000.000-600.000
67587 43523248 67931
13153738
===================================================================
as far as I can understand,, the yellow
highlighted part (600) is the
interval in seconds for which tshark should perform the
calculations
Since I want the complete file,,, I just use a
very large number
Is there a way to omit this interval
or tell tshark to simply parse the entire
packet?
I have not been able to find such an option in help
... that's why I'm asking ...
thanks again
Manolis
On Fri, Sep 25, 2009 at 10:54 AM, Manolis Katsidoniotis
<manoska@xxxxxxxxx> wrote:
hi
thanks,, it worked beautifully also with combinations
another quicky
in case you happen to have an opinion
I have a huge amount of files of 80MB each and I wish to create
total statistics about add/modify/... etc, etc,
should I merge all files in one large (~5GB) file and
then run tshark against it or should I create a batch script store the
results in .csv and use Excel?
br
Manolis
On Fri, Sep 25, 2009 at 7:07 AM, j.snelders
<j.snelders@xxxxxxxxxx> wrote:
Hi
Manolis
Do you use the , as decimal symbol?
You have to use the
. as decimal symbol.
Please check
Settings -> Control Pannel
-> Regional And Language Options
Regards
Joan
On
Date: Fri, 25 Sep 2009 00:14:52 +0300 Manolis Katsidoniotis wrote
>Hello
>
>
>
>I have a large capture file
and would like to print the number of packets
>that apply to the
below display filters:
>
>megaco.command ==
"Add"
>
>megaco.command ==
"Modify"
>
>megaco.command ==
"Subtract"
>
>
>
>I am
entering
>
>
>
>tshark -r
F:\Temp\bang_cont_00001_20090626194720.pcap -q
-z
>io,stat,600,megaco.command=="Add"
>
>
>
>but
I get the total number of packets not the megaco add commands
(which
>is
>what I had in the
filter)
>
>
>
>C:\Program
Files\Wireshark>tshark
-r
>F:\Temp\bang_cont_00001_20090626194720.pcap -q
-z
>io,stat,600,megaco.command=="Add"
>
>NOTE: you
should run 'diskperf -y' to enable the disk
statistics
>
>
>
>===================================================================
>
>IO
Statistics
>
>Interval: 600.000 secs
>
>Column
#0:
>
>
| Column #0
>
>Time
|frames| bytes
>
>000.000-600.000
48110
25445310
>
>===================================================================
>
>
>
>
>
>48110
is the number of total captured frames
>
>Instead when I apply
the display the number of packets selected is
16107
>
>
>
>Looks like my filter is not
working.
>
>
>
>What am I doing
wrong?
>
>
>
>Thanks in advance for your
time
>
>Manolis
>
>___________________________________________________________________________
>Sent
via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:
http://www.wireshark.org/lists/wireshark-users
>Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
>
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent
via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:
http://www.wireshark.org/lists/wireshark-users
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent
via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:
http://www.wireshark.org/lists/wireshark-users
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
