Wireshark mailing list archives
Re: tshark iostat calculation
From: Stuart Kendrick <skendric () fhcrc org>
Date: Sun, 06 Nov 2011 13:47:07 -0800
Hi Joke, OK, so I'm learning here, about preferences, for example -- thank you. Seems to me that both of us are seeing a value of 0 for SUM because ... per the snippet of man page you include ... SUM only adds fields of type integer ... and tcp.time_delta is of type float ... am I correct here? i.e. I can use the GUI to SUM tcp.time_delta, but I cannot use tshark do this. Yes? guru> tshark -nlr smbv2-copy.pcap -o tcp.calculate_timestamps:TRUE -R "(tcp.dstport==445)" -qz io,stat,600,"MIN(tcp.time_delta)tcp.time_delta" -qz io,stat,600,"SUM(tcp.time_delta)tcp.time_delta" -qz io,stat,600,"MAX(tcp.time_delta)tcp.time_delta" -qz io,stat,600,"AVG(tcp.time_delta)tcp.time_delta" -qz io,stat,600,"COUNT(tcp.time_delta)tcp.time_delta" =================================================================== IO Statistics Interval: 600.000 secs Column #0: COUNT(tcp.time_delta)tcp.time_delta | Column #0 Time | COUNT 000.000-600.000 5784 =================================================================== =================================================================== IO Statistics Interval: 600.000 secs Column #0: AVG(tcp.time_delta)tcp.time_delta | Column #0 Time | AVG 000.000-600.000 0.005 =================================================================== =================================================================== IO Statistics Interval: 600.000 secs Column #0: MAX(tcp.time_delta)tcp.time_delta | Column #0 Time | MAX 000.000-600.000 15.740 =================================================================== =================================================================== IO Statistics Interval: 600.000 secs Column #0: SUM(tcp.time_delta)tcp.time_delta | Column #0 Time | SUM 000.000-600.000 0 =================================================================== =================================================================== IO Statistics Interval: 600.000 secs Column #0: MIN(tcp.time_delta)tcp.time_delta | Column #0 Time | MIN 000.000-600.000 0.000 =================================================================== guru> On 11/6/2011 10:31 AM, j.snelders wrote:
Hi Stuart, To check whether tshark is using TCP timestamps run: $ tshark -G currentprefs | grep tcp.calculate_timestamps #tcp.calculate_timestamps: FALSE To enable TCP timestamps use: tshark -r FS01.pcap -o tcp.calculate_timestamps:TRUE -R "(tcp.dstport==445)" -qz io,stat,600,"MIN(tcp.time_delta)tcp.time_delta" -qz io,stat,600,"SUM(tcp.time_delta)tcp.time_delta" -z io,stat,600,"MAX(tcp.time_delta)tcp.time_delta" -z io,stat,600,"AVG(tcp.time_delta)tcp.time_delta" -z io,stat,600,"COUNT(tcp.time_delta)tcp.time_delta" [...]
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark iostat calculation Stuart Kendrick (Nov 06)
- Re: tshark iostat calculation j.snelders (Nov 06)
- Re: tshark iostat calculation Stuart Kendrick (Nov 06)
- Re: tshark iostat calculation Chris Maynard (Nov 07)
- Re: tshark iostat calculation Stuart Kendrick (Nov 06)
- Re: tshark iostat calculation j.snelders (Nov 06)