Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] New date format for the iostat dissector to merge multiple files

Date: Tue, 22 Aug 2006 14:33:29 +0200
      Hello,


This patch provide new date formats for the statistics generated with
tshark.
If you are capturing multiple files, you can merge the stats to generate a
gnuplot graph.

The format of the date is determined with the "-t" option. The default
format is the relativ one.

For relative:     (./tshark -q -t r -z"io,stat,60,tcp" -r data.cap.gz)
Time            |frames|  bytes
000.000-060.000     742     51660
060.000-120.000     887     73599

For delta:  (./tshark -q -t d -z"io,stat,60,tcp" -r data.cap.gz)
Time            |frames|  bytes
000.000     742     51660
060.000     887     73599

For absolute:     (./tshark -q -t a -z"io,stat,60,tcp" -r data.cap.gz)
Time            |frames|  bytes
13:28:53     742     51660
13:29:53     887     73599

For absolute with date: (./tshark -q -t ad -z"io,stat,60,tcp" -r
data.cap.gz)
Time            |frames|  bytes
2006-07-12 13:28:53     742     51660
2006-07-12 13:29:53     887     73599


If you are using the absolute format, you can generate the stats for
several capture files, and make a merge of the results.

./tshark -q -t a -z"io,stat,60,tcp" -r data01.cap.gz > data01.nsv
../..
./tshark -q -t a -z"io,stat,60,tcp" -r data99.cap.gz > data99.nsv


Then you merge:
 ls data*.nsv | sort | xargs cat | egrep "^[00-24]" > data.nsv

And you generate the graph:

gnuplot> set grid
gnuplot> set autoscale
gnuplot> set timefmt "%H:%M:%S"
gnuplot> set xdata time
gnuplot> set xlabel "Time measurement"
gnuplot> set ylabel "Number of messages"
gnuplot> plot "data.nsv" using 1:2 title 'Messages' with lines lt 1


(See attached file: tap-iostat.c.diff.gz)

Regards
Florent

Attachment: tap-iostat.c.diff.gz
Description: Binary data