Wireshark-users: Re: [Wireshark-users] Export TCP Stream - RTT Graph Data

From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Wed, 8 Jul 2009 05:58:08 -0700

Thanks Joan, the link is using the tshark command I have tried, which
outputs tcp.analysis.ack_rtt.

The output does not match the TCP Stream Graph RTT at all.  In my
capture, the RTT is on the order of 25 msec and the RTT tshark output is
less than 1 msec in general.

Can anyone else help to clarify this?

Thanks
Barry

Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 301-325-7069


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Wednesday, July 08, 2009 7:01 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 38, Issue 9



Today's Topics:

   1. Export TCP Stream - RTT Graph Data (Barry Constantine)
   2. Re: Export TCP Stream - RTT Graph Data (j.snelders@xxxxxxxxxx)
   3. Auto refresh of the open file (Kranthi Kiran Sistla)
   4. Re: Ubuntu Linux: How to load SNMP mibs?
      (Peter Valdemar Mørch (Lists))
   5. Re: Ubuntu Linux: How to load SNMP mibs?
      (Peter Valdemar Mørch (Lists))
   6. Re: Ubuntu Linux: How to load SNMP mibs? (Jaap Keuter)


----------------------------------------------------------------------

Message: 1
Date: Tue, 7 Jul 2009 12:20:20 -0700
From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Subject: [Wireshark-users] Export TCP Stream - RTT Graph Data
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<6ECE57DF49376146B91A92A3C37EFC0E08EC434E@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hello,

Is there a way to export the TCP Stream - RTT graph data to a text file?

Thanks,

Barry

Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 301-325-7069


------------------------------

Message: 2
Date: Tue, 7 Jul 2009 21:44:43 +0200
From: j.snelders@xxxxxxxxxx
Subject: Re: [Wireshark-users] Export TCP Stream - RTT Graph Data
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <49EC7C4A00045660@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"

Hi Barry,

Please take a look at this message:
http://www.wireshark.org/lists/wireshark-users/200901/msg00066.html

Hope it helps you too.
Joan


On Tue, 7 Jul 2009 12:20:20 -0700 Barry Constantine wrote

>Is there a way to export the TCP Stream - RTT graph data to a text file?
>
>Thanks,
>
>Barry
>
>Principal Member of Technical Staff
>JDSU Communication Test (formerly Acterna)
>Emerging Markets and Technology Research         
>One Milestone Center Court                              
>Germantown, MD 20876                                         
>(W) 240-404-2227                                                
>(C) 301-325-7069


       




------------------------------

Message: 3
Date: Wed, 8 Jul 2009 11:57:02 +0530
From: Kranthi Kiran Sistla <s.kranthi@xxxxxxxxx>
Subject: [Wireshark-users] Auto refresh of the open file
To: wireshark-users@xxxxxxxxxxxxx
Message-ID:
	<f7b328170907072327h1e99b1c5i1060c581d42c9c86@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hello All,

I have the following problem that I am trying to work out with the help of
Wireshark

1. I have log files that keep getting updated with SS7 traces being captured
on ATM links.
2. Using text2pcap the files are being processed and viewed in Wireshark.

As the files keep getting updated dynamically I am required to process the
log files every few minutes to view the latest messages. Can anybody suggest
if there is any way Wireshark can refresh the opened file automatically
whenever the contents change or if there is any workaround to achieve the
same effect instead of manually refreshing using CTRL+R.

Note: I am currently using Wireshark Version 1.2.0 (SVN Rev 28753)

Thanks for your time.

------------------------------

Message: 4
Date: Wed, 08 Jul 2009 08:55:15 +0200
From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <4A5442D3.2070509@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

Jaap Keuter jaap.keuter-at-xs4all.nl |Lists| wrote:
> Is your version of Wireshark built with libsmi support? You can check
> that on the about wireshark dialog.

Thanks for the reply.

Yup. That was it. About says: "Compiled ... without SMI"

Building wireshark *with* SMI made it work. I therefore suggest that 
there is a bug in SNMP preferences:

For future reference: To build a local version of wireshark *with* SMI 
support on ubuntu intrepid, I did the following:

$ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
$ sudo apt-get build-dep wireshark
$ mkdir wireshark
$ cd wireshark
$ apt-get source wireshark
$ cd wireshark-1.0.3
$ dpkg-buildpackage -rfakeroot -b -uc
$ cd ..
$ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
      wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
      wireshark_1.0.3-1ubuntu2.2_i386.deb

(I did get it to work, and looking through my shell history, these are
the relevant commands. It is possible I forgot to mention something, though)

> 
> Thanx,
> Jaap
> 
> Sent from my iPhone
> 
> On 7 jul 2009, at 08:43, "Peter Valdemar Mørch (Lists)"
> <4ux6as402@xxxxxxxxxxxxxm> wrote:
> 
>> I'd like to display SNMP information symbolically, and so I'll need to
>> load mibs.
>>
>> But I haven't found where to do that in Wireshark 1.0.3 on Ubuntu
>> Intrepid (i386).
>>
>> "Preferences -> Protocols -> SNMP" says: "MIB settings can be changed in
>> the Name Resolution preferences"
>>
>> However
>>
>> "Preferences -> Name Resolution" has no mention of SNMP or SMI at all.
>> (Even though numerous mailing list posts also suggest this is where to
>> configure it)
>>
>> Does anybody know how I can get wireshark to show ifInOctets.34 instead
>> of .1.3.1<bla bla bla> by loading MIBs under ubuntu?
>>
>> Peter
>>
>> More information:
>>
>> All my MIBs are in /usr/share/snmp/mibs (the standard place on
>> ubuntu/debian for SNMP MIBs). I've tried installing all these packages:
>>
>> libsmi2-common    0.4.7+dfsg-0.1
>> libsmi2-dev    0.4.7+dfsg-0.1
>> libsmi2ldbl    0.4.7+dfsg-0.1
>> libsnmp-base    5.4.1~dfsg-7.1ubuntu6.1
>> libsnmp15    5.4.1~dfsg-7.1ubuntu6.1
>> snmp    5.4.1~dfsg-7.1ubuntu6.1
>>
>> Which means I should have both NET-SNMP and libsmi installed.
>>
>> This article suggests libsmi.
>> http://article.gmane.org/gmane.network.wireshark.user/4330/match=mibs
>> So I installed libsmi2-common libsmi2-dev and libsmi2ldbl. No joy.
>>
>> This post also mentions "Preferences->Name Resolution->SMI (MIB and PIB)
>> paths" and suggests putting mibs in C:\Program Files\Wireshark\snmp\mibs:
>> http://article.gmane.org/gmane.network.wireshark.user/6039/match=mibs
>> So I tried:
>> $ mkdir -p ~/.wireshark/snmp/mibs
>> $ cp /usr/share/snmp/mibs/* ~/.wireshark/snmp/mibs/
>> No joy. (Don't know where else to try)
>>
>> -- 
>> Peter Valdemar Mørch
>> http://www.morch.com
>>


-- 
Peter Valdemar Mørch
http://www.morch.com


------------------------------

Message: 5
Date: Wed, 08 Jul 2009 10:40:59 +0200
From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <4A545B9B.9060005@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Aarrrhhh, I wish I'd read my prior post through one more time. Sorry.

Peter Valdemar Mørch (Lists) wrote:
> Building wireshark *with* SMI made it work. I therefore suggest that 
> there is a bug in SNMP preferences:
, that currently say: "MIB settings can be changed in the Name 
Resolution preferences". If not built with SMI, I suggest that message 
should be: "MIB settings are not possible, because Wireshark was not 
built with SMI support"

The rest is ubuntu/debian specific:

> For future reference: To build a local version of wireshark *with* SMI
> support on ubuntu intrepid, I did the following:
> 
> $ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
> $ sudo apt-get build-dep wireshark
> $ mkdir wireshark
> $ cd wireshark
> $ apt-get source wireshark
> $ cd wireshark-1.0.3

At this point, I had to bump the version of the package. Otherwise 
ubuntu would insist on upgrading my newly built package.

So I patched debian/changelog with (proper patch as attachment):

--- orig.changelog	2009-07-08 09:50:38.000000000 +0200
+++ changelog	2009-07-08 09:50:16.000000000 +0200
@@ -1,3 +1,9 @@
+wireshark (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low
+
+  * Built with libsmi
+
+ -- Peter Valdemar M?rch <peter@xxxxxxxxx>  Wed, 8 Jul 2009 09:29:40
+0100
+
  wireshark (1.0.3-1ubuntu2.2) intrepid-security; urgency=low

    * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark
0.99.7
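
Review bot: the new top entry sets the version to 1.0.3-1ubuntu2.2.0.1, and dpkg-buildpackage names the .deb files after the top changelog version, so the dpkg -i lines quoted in this message that still name ..._1.0.3-1ubuntu2.2_i386.deb will not match the files this build produces; they need the 1.0.3-1ubuntu2.2.0.1 suffix. The trailer line of the new entry also gives a +0100 offset while both diff headers are stamped +0200, which is worth making consistent.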

> $ dpkg-buildpackage -rfakeroot -b -uc
> $ cd ..
> $ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
>      wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
>      wireshark_1.0.3-1ubuntu2.2_i386.deb

Now, the record should be straight! :-)

Peter
-- 
Peter Valdemar Mørch
http://www.morch.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: changelog.patch
Type: text/x-patch
Size: 422 bytes
Desc: not available
Url :
http://www.wireshark.org/lists/wireshark-users/attachments/20090708/8595
469e/attachment.bin 

------------------------------

Message: 6
Date: Wed, 8 Jul 2009 13:00:33 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Ubuntu Linux: How to load SNMP mibs?
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <EE5481A1-E620-4A48-A031-1A482C638C8B@xxxxxxxxx>
Content-Type: text/plain;	charset=utf-8;	format=flowed;
delsp=yes

Hi,

FYI: newer versions of the source code have improved Debian packaging
support. I'm not sure from which point on (1.0.8 I guess), you can do
'make debian-package' to start the package build.

Thanx,
Jaap

Sent from my iPhone

On 8 jul 2009, at 10:40, "Peter Valdemar Mørch (Lists)"
<4ux6as402@xxxxxxxxxxxxxm> wrote:

> Aarrrhhh, I wish I'd read my prior post through one more time. Sorry.
>
> Peter Valdemar Mørch (Lists) wrote:
>> Building wireshark *with* SMI made it work. I therefore suggest  
>> that there is a bug in SNMP preferences:
> , that currently say: "MIB settings can be changed in the Name  
> Resolution preferences". If not built with SMI, I suggest that  
> message should be: "MIB settings are not possible, because Wireshark  
> was not built with SMI support"
>
> The rest is ubuntu/debian specific:
>
>> For future reference: To build a local version of wireshark *with*  
>> SMI support on ubuntu intrepid, I did the following:
>> $ sudo apt-get install libsmi2-common libsmi2-dev libsmi2ldbl
>> $ sudo apt-get build-dep wireshark
>> $ mkdir wireshark
>> $ cd wireshark
>> $ apt-get source wireshark
>> $ cd wireshark-1.0.3
>
> At this point, I had to bump the version of the package. Otherwise
> ubuntu would insist on upgrading my newly built package.
>
> So I patched debian/changelog with (proper patch as attachment):
>
> --- orig.changelog    2009-07-08 09:50:38.000000000 +0200
> +++ changelog    2009-07-08 09:50:16.000000000 +0200
> @@ -1,3 +1,9 @@
> +wireshark (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low
> +
> +  * Built with libsmi
> +
> + -- Peter Valdemar M?rch <peter@xxxxxxxxx>  Wed, 8 Jul 2009 09:29:4 
> 0 +0100
> +
> wireshark (1.0.3-1ubuntu2.2) intrepid-security; urgency=low
>
>   * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark  
> 0.99.7
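
Review bot: the added entry's version 1.0.3-1ubuntu2.2.0.1 sorts above the 1.0.3-1ubuntu2.2 entry kept as context below it, but any later archive upload with a higher revision will sort above it again and replace the libsmi build. Since that context entry is a SECURITY UPDATE from intrepid-security, plan to take the newer package when it arrives and repeat the rebuild with a fresh changelog entry on top of it.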
>
>> $ dpkg-buildpackage -rfakeroot -b -uc
>> $ cd ..
>> $ sudo dpkg -i tshark_1.0.3-1ubuntu2.2_i386.deb \
>>     wireshark-common_1.0.3-1ubuntu2.2_i386.deb \
>>     wireshark_1.0.3-1ubuntu2.2_i386.deb
>
> Now, the record should be straight! :-)
>
> Peter
> -- 
> Peter Valdemar Mørch
> http://www.morch.com
> --- orig.changelog	2009-07-08 09:50:38.000000000 +0200 +++
changelog	 
> 2009-07-08 09:50:16.000000000 +0200 @@ -1,3 +1,9 @@ +wireshark  
> (1.0.3-1ubuntu2.2.0.1) intrepid; urgency=low + + * Built with libsmi  
> + + -- Peter Valdemar M?rch Wed, 8 Jul 2009 09:29:40 +0100 + wiresha 
> rk (1.0.3-1ubuntu2.2) intrepid-security; urgency=low * SECURITY UPDA 
> TE: packet-usb.c in the USB dissector in Wireshark 0.99.7
>

