Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Rikard Svenningsen <wireshark@xxxxxxxxxxxxxx>
Date: Sun, 29 Nov 2009 16:57:31 +0100
I am just a plain user, I got no programming skills for that level of programming.
But if possible I could on the other hand write a path to the man page, if that's what you mean?


2009/11/29 Jaap Keuter <jaap.keuter@xxxxxxxxx>
Hi,

You could write a patch based on your experiences.

Thanks,
Jaap

Rikard Svenningsen wrote:
> Bye the way.
> Would it be possible to let this bug be know as a workaround on the man
> page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get
> more focus because it's not obvious to all that's the way you have to do
> it on Linux/Unix.
>
> I have being trying to figure out why it's not worked for me in almost a
> year now.....
>
> So if it was more know to the public more people would benefit from the
> workaround and the syntax information.
>
> Best Regards
> Rikard Svenningsen
>
>
> 2009/11/29 j.snelders <j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx>>
>
>     Hi Rikard,
>
>     Do you use the , as decimal symbol?
>     You have to use the . as decimal symbol.
>     https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880
>
>     Please check
>     Settings -> Control Pannel -> Regional And Language Options
>
>     Regards
>     Joan
>
>
>     On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:
>      >
>      >Now I have tried this:
>      >tshark -r test_b_hour09.cap -q -z
>      >io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>      >
>      >It gives this:
>      >===================================================================
>      >IO Statistics
>      >Interval: 120.000 secs
>      >Column #0:
>      >                |   Column #0
>      >Time            |frames|  bytes
>      >000.000-120.000    2659    732369
>      >120.000-240.000    8025   2373944
>      >This is my version of tshark:
>      >TShark 1.2.2
>      >
>      >Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx
>     <mailto:gerald@xxxxxxxxxxxxx>> and contributors.
>      >This is free software; see the source for copying conditions.
>     There is NO
>      >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>     PURPOSE.
>      >
>      >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3,
>     with POSIX
>      >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with
>     c-ares 1.6.0,
>      >with
>      >Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with
>      >GeoIP.
>      >
>      >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS
>      >2.8.3,
>      >Gcrypt 1.4.4.
>      >
>      >Built using gcc 4.4.1.
>      >
>      >It is running on Ubuntu 9.10 64 bits. version
>      >
>      >
>      >2009/11/28 j.snelders <j.snelders@xxxxxxxxxx
>     <mailto:j.snelders@xxxxxxxxxx>>
>      >
>      >> Hi Rikard,
>      >>
>      >> Try this one:
>      >> $ tshark -r test.pcap -q -z
>      >>
>     io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>      >>
>      >> ===================================================================
>      >> IO Statistics
>      >> Interval: 120.000 secs
>      >> Column #0:
>     COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
>      >> Column #1:
>     COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>      >>                |   Column #0    |   Column #1
>      >> Time            |          COUNT |          COUNT
>      >> 000.000-120.000                12                4
>      >> ===================================================================
>      >>
>      >> Best regards
>      >> Joan
>      >>
>      >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
>      >> >Hi
>      >> >I am trying to use tshark for analysis of some tcp error on my
>     network.
>      >> >I intent to use the following command:
>      >> >tshark -r FileToAnalyse -q -z
>      >>
>      >>
>      >io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>      >> >
>      >> >The command: tshark ....... tcp.analysis.retransmission is
>     supposed to
>      >be
>      >> >on
>      >> >one line to get it work.
>      >> >I tried:
>      >> >-z
>      >>
>      >>
>      >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>      >> >and
>      >> >-z
>      >>
>      >>
>      >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
>      >> >and
>      >> >-z
>      >>
>      >>
>      >io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
>      >> >
>      >> >If I use it just like this:
>      >> >-z
>      >>
>     io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>      >> >
>      >> >I get this:
>      >> >bash: syntax error near unexpected token `('
>      >> >
>      >> >Only if I run the command in a DOS prompt in Windows, it will
>     work fine.
>      >> >-z
>      >>
>     io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>      >> >
>      >> >
>      >> >--
>      >> >Best regards
>      >> >Rikard Svenningsen
>      >> >Denmark
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe




--
Med venlig hilsen
Rikard Svenningsen
Smalager 36
DK-7120