Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Tshark statistics problem

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Jo Verstraelen" <J.Verstraelen@xxxxxxxxxx>
Date: Fri, 3 Apr 2009 11:36:33 +0200

To be more precise:

 

C:\Program Files\Wireshark>tshark -v

TShark 1.1.3 (SVN Rev 27807)

 

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.

This is free software; see the source for copying conditions. There is NO

warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

 

Compiled with GLib 2.20.0, with WinPcap (version unknown), with libz 1.2.3,

without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.6.0,

 

with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT Kerberos, with

GeoIP.

 

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2

(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.6.4,

Gcrypt 1.4.4.

 

Built using Microsoft Visual C++ 9.0 build 30729

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jo Verstraelen
Sent: vrijdag 3 april 2009 11:23
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Tshark statistics problem

 

Hi,

 

Does some one know why the following command: “Tshark.exe –r testfile.pcap –q –z io,stat,30,COUNT(tcp.analysis.retransmission) tcp.analysis.retransmission” outputs this:

 

C:\Program Files\Wireshark>tshark.exe -r update.pcap -q -z io,stat,30,COUNT(tcp.

analysis.retransmission)cp.analysis.retransmission

 

===================================================================

IO Statistics

Interval: 30.000 secs

Column #0:

                |   Column #0

Time            |frames|  bytes

000.000-030.000       2       444

030.000-060.000       1       222

060.000-090.000       1       222

090.000-120.000      17      3081

120.000-150.000   23676  22054026

150.000-180.000   39681  37077760

180.000-210.000   88041  83327179

210.000-240.000   86237  81549459

240.000-270.000   43381  40256634

270.000-300.000    8147   7507780

300.000-330.000       2       472

330.000-360.000       3       348

360.000-390.000       1       222

390.000-420.000       1       222

420.000-450.000       2       314

450.000-480.000     163     47626

 

Instead of a column with the counted tcp retransmissions?

 

Got the same result with :

tshark.exe –r testfile.pcap” –q –z io,stat,30,”COUNT(tcp.analysis.retranmission)tcp.analysis.retransmission”,”AVG(tcp.window_size)tcp.window_size”,”MAX(tcp.window_size)”,”MIN(tcp.window_size)tcp.window_size”


I am using TShark 1.1.3 (SVN Rev 27807) .

(testfile.pcap does contain tcp and retransmission so its not that)

 

Kind regards,

                    Jo

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube