Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du
Hi,
You don't have to be. Just look at the man page, write the paragraph you think
is missing, and sent it in. If you say where it goes, we'll work it into the man
page.
Thanks,
Jaap
Rikard Svenningsen wrote:
I am just a plain user, I got no programming skills for that level of
programming.
But if possible I could on the other hand write a path to the man page,
if that's what you mean?
2009/11/29 Jaap Keuter <jaap.keuter@xxxxxxxxx
<mailto:jaap.keuter@xxxxxxxxx>>
Hi,
You could write a patch based on your experiences.
Thanks,
Jaap
Rikard Svenningsen wrote:
> Bye the way.
> Would it be possible to let this bug be know as a workaround on
the man
> page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time"
should get
> more focus because it's not obvious to all that's the way you
have to do
> it on Linux/Unix.
>
> I have being trying to figure out why it's not worked for me in
almost a
> year now.....
>
> So if it was more know to the public more people would benefit
from the
> workaround and the syntax information.
>
> Best Regards
> Rikard Svenningsen
>
>
> 2009/11/29 j.snelders <j.snelders@xxxxxxxxxx
<mailto:j.snelders@xxxxxxxxxx> <mailto:j.snelders@xxxxxxxxxx
<mailto:j.snelders@xxxxxxxxxx>>>
>
> Hi Rikard,
>
> Do you use the , as decimal symbol?
> You have to use the . as decimal symbol.
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880
>
> Please check
> Settings -> Control Pannel -> Regional And Language Options
>
> Regards
> Joan
>
>
> On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:
> >
> >Now I have tried this:
> >tshark -r test_b_hour09.cap -q -z
>
>io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
> >
> >It gives this:
>
>===================================================================
> >IO Statistics
> >Interval: 120.000 secs
> >Column #0:
> > | Column #0
> >Time |frames| bytes
> >000.000-120.000 2659 732369
> >120.000-240.000 8025 2373944
> >This is my version of tshark:
> >TShark 1.2.2
> >
> >Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx
<mailto:gerald@xxxxxxxxxxxxx>
> <mailto:gerald@xxxxxxxxxxxxx <mailto:gerald@xxxxxxxxxxxxx>>>
and contributors.
> >This is free software; see the source for copying conditions.
> There is NO
> >warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR
> PURPOSE.
> >
> >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3,
> with POSIX
> >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with
> c-ares 1.6.0,
> >with
> >Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT
Kerberos, with
> >GeoIP.
> >
> >Running on Linux 2.6.31-15-generic, with libpcap version
1.0.0, GnuTLS
> >2.8.3,
> >Gcrypt 1.4.4.
> >
> >Built using gcc 4.4.1.
> >
> >It is running on Ubuntu 9.10 64 bits. version
> >
> >
> >2009/11/28 j.snelders <j.snelders@xxxxxxxxxx
<mailto:j.snelders@xxxxxxxxxx>
> <mailto:j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx>>>
> >
> >> Hi Rikard,
> >>
> >> Try this one:
> >> $ tshark -r test.pcap -q -z
> >>
>
io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
> >>
> >>
===================================================================
> >> IO Statistics
> >> Interval: 120.000 secs
> >> Column #0:
> COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
> >> Column #1:
> COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
> >> | Column #0 | Column #1
> >> Time | COUNT | COUNT
> >> 000.000-120.000 12 4
> >>
===================================================================
> >>
> >> Best regards
> >> Joan
> >>
> >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
> >> >Hi
> >> >I am trying to use tshark for analysis of some tcp error
on my
> network.
> >> >I intent to use the following command:
> >> >tshark -r FileToAnalyse -q -z
> >>
> >>
>
>io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
> >> >
> >> >The command: tshark ....... tcp.analysis.retransmission is
> supposed to
> >be
> >> >on
> >> >one line to get it work.
> >> >I tried:
> >> >-z
> >>
> >>
>
>"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
> >> >and
> >> >-z
> >>
> >>
>
>'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
> >> >and
> >> >-z
> >>
> >>
>
>io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
> >> >
> >> >If I use it just like this:
> >> >-z
> >>
>
io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
> >> >
> >> >I get this:
> >> >bash: syntax error near unexpected token `('
> >> >
> >> >Only if I run the command in a DOS prompt in Windows, it
will
> work fine.
> >> >-z
> >>
>
io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
> >> >
> >> >
> >> >--
> >> >Best regards
> >> >Rikard Svenningsen
> >> >Denmark
>
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx
<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
--
Med venlig hilsen
Rikard Svenningsen
Smalager 36
DK-7120
------------------------------------------------------------------------
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe