Wireshark · Wireshark-users: Re: [Wireshark-users] Advanced Graph COunting

Wireshark-users: Re: [Wireshark-users] Advanced Graph COunting

From: "Sake Blok" <sake@xxxxxxxxxx>

Date: Fri, 6 Mar 2009 22:35:38 +0100

The fieldname that you are counting should be part of the filter string. So either you can count tcp.len or you can change the filter to "tcp and tcp.len>0 and tcp.dstport==4176"

Hope this helps,

Cheers,

Sake

----- Original Message -----

From: Bland Chuck-CNGR85

To: Community support list for Wireshark

Sent: Friday, March 06, 2009 10:22 PM

Subject: Re: [Wireshark-users] Advanced Graph COunting

Ronnie,

The filter is tcp.len>0 and tcp.dstport==4176 and the COUNT(*) variable is "tcp".

The graph is a flat line at 0.

If I apply the filter as a display filter, I get lots of packets displayed, so I know the count isn't really zero.

What did I miss?

Chuck

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of ronnie sahlberg
Sent: Friday, March 06, 2009 12:44 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Advanced Graph COunting

If you want to count how many packets there were just specify "tcp" (or any field really would work) and it will count how many frames there are containing tcp.

If you want to count how many bytes were carried inside tcp use SUM(tcp.len) since this will add toghether all tcp.len fields it finds.

On Sat, Mar 7, 2009 at 7:28 AM, Bland Chuck-CNGR85 <Chuck.Bland@xxxxxxxxxxxx> wrote:

In an Advanced IO Graph, I have set the filter to tcp.len>0 to give me packets that have data. Now, I want to display how many in each time period made it through that filter. I presume I use a COUNT(*) graph, but what variable do I use?

Chuck Bland

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Advanced Graph COunting
  - From: Bland Chuck-CNGR85

References:
- Re: [Wireshark-users] Reading multiple files in tcpdump
  - From: Guy Harris
- Re: [Wireshark-users] Reading multiple files in tcpdump
  - From: Alex Lindberg
- [Wireshark-users] Advanced Graph COunting
  - From: Bland Chuck-CNGR85
- Re: [Wireshark-users] Advanced Graph COunting
  - From: ronnie sahlberg
- Re: [Wireshark-users] Advanced Graph COunting
  - From: Bland Chuck-CNGR85

Prev by Date: Re: [Wireshark-users] Advanced Graph COunting
Next by Date: Re: [Wireshark-users] Duplicate ACK
Previous by thread: Re: [Wireshark-users] Advanced Graph COunting
Next by thread: Re: [Wireshark-users] Advanced Graph COunting
Index(es):
- Date
- Thread