Wireshark mailing list archives
Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sun, 29 Nov 2009 17:23:28 +0100
Hi, You don't have to be. Just look at the man page, write the paragraph you think is missing, and sent it in. If you say where it goes, we'll work it into the man page. Thanks, Jaap Rikard Svenningsen wrote:
I am just a plain user, I got no programming skills for that level of programming. But if possible I could on the other hand write a path to the man page, if that's what you mean? 2009/11/29 Jaap Keuter <jaap.keuter () xs4all nl <mailto:jaap.keuter () xs4all nl>> Hi, You could write a patch based on your experiences. Thanks, Jaap Rikard Svenningsen wrote: > Bye the way. > Would it be possible to let this bug be know as a workaround on the man > page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get > more focus because it's not obvious to all that's the way you have to do > it on Linux/Unix. > > I have being trying to figure out why it's not worked for me in almost a > year now..... > > So if it was more know to the public more people would benefit from the > workaround and the syntax information. > > Best Regards > Rikard Svenningsen > > > 2009/11/29 j.snelders <j.snelders () telfort nl <mailto:j.snelders () telfort nl> <mailto:j.snelders () telfort nl <mailto:j.snelders () telfort nl>>> > > Hi Rikard, > > Do you use the , as decimal symbol? > You have to use the . as decimal symbol. > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880 > > Please check > Settings -> Control Pannel -> Regional And Language Options > > Regards > Joan > > > On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote: > > > >Now I have tried this: > >tshark -r test_b_hour09.cap -q -z >io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"> > > >It gives this: > >=================================================================== > >IO Statistics > >Interval: 120.000 secs > >Column #0: > > | Column #0 > >Time |frames| bytes > >000.000-120.000 2659 732369 > >120.000-240.000 8025 2373944 > >This is my version of tshark: > >TShark 1.2.2 > > > >Copyright 1998-2009 Gerald Combs <gerald () wireshark org <mailto:gerald () wireshark org> > <mailto:gerald () wireshark org <mailto:gerald () wireshark org>>> and contributors. > >This is free software; see the source for copying conditions. > There is NO > >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR > PURPOSE. > > > >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, > with POSIX > >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with > c-ares 1.6.0, > >with > >Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with > >GeoIP. > > > >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS > >2.8.3, > >Gcrypt 1.4.4. > > > >Built using gcc 4.4.1. > > > >It is running on Ubuntu 9.10 64 bits. version > > > > > >2009/11/28 j.snelders <j.snelders () telfort nl <mailto:j.snelders () telfort nl> > <mailto:j.snelders () telfort nl <mailto:j.snelders () telfort nl>>> > > > >> Hi Rikard, > >> > >> Try this one: > >> $ tshark -r test.pcap -q -z > >> > io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission" > >> > >> =================================================================== > >> IO Statistics > >> Interval: 120.000 secs > >> Column #0: > COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack > >> Column #1: > COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission > >> | Column #0 | Column #1 > >> Time | COUNT | COUNT > >> 000.000-120.000 12 4 > >> =================================================================== > >> > >> Best regards > >> Joan > >> > >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote: > >> >Hi > >> >I am trying to use tshark for analysis of some tcp error on my > network. > >> >I intent to use the following command: > >> >tshark -r FileToAnalyse -q -z > >> > >> >io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission> >> > > >> >The command: tshark ....... tcp.analysis.retransmission is > supposed to > >be > >> >on > >> >one line to get it work. > >> >I tried: > >> >-z > >> > >> > >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission" > >> >and > >> >-z > >> > >> > >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission' > >> >and > >> >-z > >> > >> > >io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission > >> > > >> >If I use it just like this: > >> >-z > >> > io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission > >> > > >> >I get this: > >> >bash: syntax error near unexpected token `(' > >> > > >> >Only if I run the command in a DOS prompt in Windows, it will > work fine. > >> >-z > >> > io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission > >> > > >> > > >> >-- > >> >Best regards > >> >Rikard Svenningsen > >> >Denmark > ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark org>> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark org>?subject=unsubscribe -- Med venlig hilsen Rikard Svenningsen Smalager 36 DK-7120 ------------------------------------------------------------------------ ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Jaap Keuter (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Jaap Keuter (Nov 29)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack Rikard Svenningsen (Nov 28)
- Re: regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack j.snelders (Nov 28)