Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Advanced Graph COunting

From: "Bland Chuck-CNGR85" <Chuck.Bland@xxxxxxxxxxxx>
Date: Fri, 6 Mar 2009 17:07:10 -0500
ah! Got it.
 
Thanks!


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, March 06, 2009 13:36 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Advanced Graph COunting

The fieldname that you are counting should be part of the filter string. So either you can count tcp.len or you can change the filter to "tcp and tcp.len>0 and tcp.dstport==4176"
 
Hope this helps,
Cheers,
      Sake
----- Original Message -----
Sent: Friday, March 06, 2009 10:22 PM
Subject: Re: [Wireshark-users] Advanced Graph COunting

Ronnie,
 
The filter is tcp.len>0 and tcp.dstport==4176 and the COUNT(*) variable is "tcp".
 
The graph is a flat line at 0.
 
If I apply the filter as a display filter, I get lots of packets displayed, so I know the count isn't really zero.
 
What did I miss?
 
Chuck


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of ronnie sahlberg
Sent: Friday, March 06, 2009 12:44 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Advanced Graph COunting

If you want to count how many packets there were  just specify "tcp" (or any field really would work) and it will count how many frames there are containing tcp.

If you want to count how many bytes were carried inside tcp use SUM(tcp.len) since this will add toghether all tcp.len fields it finds.




On Sat, Mar 7, 2009 at 7:28 AM, Bland Chuck-CNGR85 <Chuck.Bland@xxxxxxxxxxxx> wrote:
In an Advanced IO Graph, I have set the filter to tcp.len>0 to give me packets that have data. Now, I want to display how many in each time period made it through that filter. I presume I use a COUNT(*) graph, but what variable do I use?
 
Chuck Bland
 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe