Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] Problems with tshark displayfilters

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: sean bzd <seanbzd@xxxxxxxxx>
Date: Tue, 8 Dec 2009 11:28:21 -0500

Isn't the display filter set using -R option. I don't see that in your command.

On Tue, Dec 8, 2009 at 8:57 AM, Sebastian Dahlbruch <Paule_De@xxxxxx> wrote:

Hello !
So I want to use tshark (v 1.2.4) to get information out of the captures to a txt file, afterwards I want to convert the txt to a csv and create statistics out of it.
But when using tshark it seems to ignore all display filters I'm using.
Here is an example I've found:
"tshark.exe -q -z "io,stat,600, ,tcp.port == 80" -r DividedFile_1.pcap >> stats.txt"
This should lead to a txt file containing:
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0:
Column #1: tcp.port == 80
| Column #0 | Column #1
Time |frames| bytes |frames| bytes
000.000-600.000 281214 128192886 51408 28494414
===================================================================
(I hope this is properly formatted now)
But in my case I only get the first column.

So I tried it with just one filter:
"tshark.exe -q -z "io,stat,600,tcp.port == 80" -r DividedFile_1.pcap >> stats.txt"
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0:
| Column #0
Time |frames| bytes
000.000-600.000 281214 128192886
===================================================================
Same result with no filter option set, or like before with both filters on.
The same happens when using different filters like ip.addr (even if it's not on the same subnet) or different ports.
Does anyone here have an answer explaining this behaviour or maybe a complete different solution ?
Because I seem to be the only one having this problem I guess I'm doing something wrong here.

Thanks in advance!
Greetings
Sebastian
--
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Problems with tshark displayfilters
  - From: Sake Blok

References:
- [Wireshark-users] Problems with tshark displayfilters
  - From: Sebastian Dahlbruch

Prev by Date: [Wireshark-users] Problems with tshark displayfilters
Next by Date: Re: [Wireshark-users] Problems with tshark displayfilters
Previous by thread: [Wireshark-users] Problems with tshark displayfilters
Next by thread: Re: [Wireshark-users] Problems with tshark displayfilters
Index(es):
- Date
- Thread