Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du
Hi Rikard,

Try this one:
$ tshark -r test.pcap -q -z io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"

===================================================================
IO Statistics
Interval: 120.000 secs
Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
                |   Column #0    |   Column #1
Time            |          COUNT |          COUNT
000.000-120.000                12                4
===================================================================

Best regards
Joan

On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
>Hi
>I am trying to use tshark for analysis of some tcp error on my network.
>I intent to use the following command:
>tshark -r FileToAnalyse -q -z
>io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>The command: tshark ....... tcp.analysis.retransmission is supposed to be
>on
>one line to get it work.
>I tried:
>-z
>"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>and
>-z
>'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
>and
>-z
>io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
>
>If I use it just like this:
>-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>I get this:
>bash: syntax error near unexpected token `('
>
>Only if I run the command in a DOS prompt in Windows, it will work fine.
>-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>
>
>-- 
>Best regards
>Rikard Svenningsen
>Denmark
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <[email protected]>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:[email protected]?subject=unsubscribe