Wireshark · Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate

Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du

From: Rikard Svenningsen <wireshark@xxxxxxxxxxxxxx>

Date: Sun, 29 Nov 2009 00:05:28 +0100

Now I have tried this:
tshark -r test_b_hour09.cap -q -z io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"

It gives this:
===================================================================
IO Statistics
Interval: 120.000 secs
Column #0:
                |   Column #0
Time            |frames| bytes
000.000-120.000    2659    732369
120.000-240.000    8025   2373944
This is my version of tshark:
TShark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0, with
Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP.

Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS 2.8.3,
Gcrypt 1.4.4.

Built using gcc 4.4.1.

It is running on Ubuntu 9.10 64 bits. version

2009/11/28 j.snelders <j.snelders@xxxxxxxxxx>

Hi Rikard,

Try this one:
$ tshark -r test.pcap -q -z io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"

===================================================================
IO Statistics
Interval: 120.000 secs
Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
| Column #0 | Column #1
Time | COUNT | COUNT
000.000-120.000 12 4
===================================================================

Best regards
Joan

On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
>Hi
>I am trying to use tshark for analysis of some tcp error on my network.
>I intent to use the following command:
>tshark -r FileToAnalyse -q -z
>io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>The command: tshark ....... tcp.analysis.retransmission is supposed to be
>on
>one line to get it work.
>I tried:
>-z
>"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>and
>-z
>'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
>and
>-z
>io,stat,120,COUNT$tcp.analysis.retransmission$tcp.analysis.retransmission
>
>If I use it just like this:
>-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>I get this:
>bash: syntax error near unexpected token `('
>
>Only if I run the command in a DOS prompt in Windows, it will work fine.
>-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>
>--
>Best regards
>Rikard Svenningsen
>Denmark

>___________________________________________________________________________
>Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives: http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

--
Med venlig hilsen
Rikard Svenningsen
Smalager 36
DK-7120

Follow-Ups:
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
  - From: j.snelders

References:
- [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
  - From: Rikard Svenningsen
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
  - From: j.snelders

Prev by Date: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Next by Date: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Previous by thread: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Next by thread: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Index(es):
- Date
- Thread