Wireshark mailing list archives
Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sun, 29 Nov 2009 11:55:51 +0100
Hi, You could write a patch based on your experiences. Thanks, Jaap Rikard Svenningsen wrote:
Bye the way. Would it be possible to let this bug be know as a workaround on the man page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get more focus because it's not obvious to all that's the way you have to do it on Linux/Unix. I have being trying to figure out why it's not worked for me in almost a year now..... So if it was more know to the public more people would benefit from the workaround and the syntax information. Best Regards Rikard Svenningsen 2009/11/29 j.snelders <j.snelders () telfort nl <mailto:j.snelders () telfort nl>> Hi Rikard, Do you use the , as decimal symbol? You have to use the . as decimal symbol. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880 Please check Settings -> Control Pannel -> Regional And Language Options Regards Joan On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote: > >Now I have tried this: >tshark -r test_b_hour09.cap -q -zio,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"> >It gives this: >=================================================================== >IO Statistics >Interval: 120.000 secs >Column #0: > | Column #0 >Time |frames| bytes >000.000-120.000 2659 732369 >120.000-240.000 8025 2373944 >This is my version of tshark: >TShark 1.2.2 > >Copyright 1998-2009 Gerald Combs <gerald () wireshark org <mailto:gerald () wireshark org>> and contributors. >This is free software; see the source for copying conditions. There is NO >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0, >with >Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with >GeoIP. > >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS >2.8.3, >Gcrypt 1.4.4. > >Built using gcc 4.4.1. > >It is running on Ubuntu 9.10 64 bits. version > > >2009/11/28 j.snelders <j.snelders () telfort nl <mailto:j.snelders () telfort nl>> > >> Hi Rikard, >> >> Try this one: >> $ tshark -r test.pcap -q -z >> io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission" >> >> =================================================================== >> IO Statistics >> Interval: 120.000 secs >> Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack >> Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission >> | Column #0 | Column #1 >> Time | COUNT | COUNT >> 000.000-120.000 12 4 >> =================================================================== >> >> Best regards >> Joan >> >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote: >> >Hi >> >I am trying to use tshark for analysis of some tcp error on my network. >> >I intent to use the following command: >> >tshark -r FileToAnalyse -q -z >> >>io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission>> > >> >The command: tshark ....... tcp.analysis.retransmission is supposed to >be >> >on >> >one line to get it work. >> >I tried: >> >-z >> >> >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission" >> >and >> >-z >> >> >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission' >> >and >> >-z >> >> >io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission >> > >> >If I use it just like this: >> >-z >> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission >> > >> >I get this: >> >bash: syntax error near unexpected token `(' >> > >> >Only if I run the command in a DOS prompt in Windows, it will work fine. >> >-z >> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission >> > >> > >> >-- >> >Best regards >> >Rikard Svenningsen >> >Denmark
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Jaap Keuter (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Jaap Keuter (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)