Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack

From: "j.snelders" <j.snelders () telfort nl>
Date: Sun, 29 Nov 2009 07:19:56 +0100
Hi Rikard,

Do you use the , as decimal symbol?
You have to use the . as decimal symbol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880

Please check
Settings -> Control Pannel -> Regional And Language Options

Regards
Joan


On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:


Now I have tried this:
tshark -r test_b_hour09.cap -q -z
io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"

It gives this:
===================================================================
IO Statistics
Interval: 120.000 secs
Column #0:
               |   Column #0
Time            |frames|  bytes
000.000-120.000    2659    732369
120.000-240.000    8025   2373944
This is my version of tshark:
TShark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0,
with
Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with
GeoIP.

Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS
2.8.3,
Gcrypt 1.4.4.

Built using gcc 4.4.1.

It is running on Ubuntu 9.10 64 bits. version


2009/11/28 j.snelders <j.snelders () telfort nl>


Hi Rikard,

Try this one:
$ tshark -r test.pcap -q -z
io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"

===================================================================
IO Statistics
Interval: 120.000 secs
Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
               |   Column #0    |   Column #1
Time            |          COUNT |          COUNT
000.000-120.000                12                4
===================================================================

Best regards
Joan

On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:

Hi
I am trying to use tshark for analysis of some tcp error on my network.
I intent to use the following command:
tshark -r FileToAnalyse -q -z



io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission

The command: tshark ....... tcp.analysis.retransmission is supposed to

be

on
one line to get it work.
I tried:
-z



"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
and
-z



'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
and
-z



io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission

If I use it just like this:
-z

io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission


I get this:
bash: syntax error near unexpected token `('

Only if I run the command in a DOS prompt in Windows, it will work fine.
-z

io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission



--
Best regards
Rikard Svenningsen
Denmark



       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: