Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 29 Nov 2009 11:55:51 +0100
Hi,

You could write a patch based on your experiences.

Thanks,
Jaap

Rikard Svenningsen wrote:
By the way.
Would it be possible to let this bug be known as a workaround on the man page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get more focus because it's not obvious to all that's the way you have to do it on Linux/Unix.

I have been trying to figure out why it's not worked for me in almost a year now.....

So if it was more known to the public more people would benefit from the workaround and the syntax information.

Best Regards
Rikard Svenningsen

2009/11/29 j.snelders <j.snelders@xxxxxxxxxx>

    Hi Rikard,

    Do you use the , as decimal symbol?
    You have to use the . as decimal symbol.
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880

    Please check
    Settings -> Control Panel -> Regional And Language Options

    Regards
    Joan


    On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:
     >
     >Now I have tried this:
     >tshark -r test_b_hour09.cap -q -z
     >io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >
     >It gives this:
     >===================================================================
     >IO Statistics
     >Interval: 120.000 secs
     >Column #0:
     >                |   Column #0
     >Time            |frames|  bytes
     >000.000-120.000    2659    732369
     >120.000-240.000    8025   2373944
     >This is my version of tshark:
     >TShark 1.2.2
     >
     >Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
     >This is free software; see the source for copying conditions. There is NO
     >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     >
     >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
     >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0,
     >with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with
     >GeoIP.
     >
     >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS
     >2.8.3, Gcrypt 1.4.4.
     >
     >Built using gcc 4.4.1.
     >
     >It is running on Ubuntu 9.10 64 bits. version
     >
     >
     >2009/11/28 j.snelders <j.snelders@xxxxxxxxxx>
     >
     >> Hi Rikard,
     >>
     >> Try this one:
     >> $ tshark -r test.pcap -q -z
     >> io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >>
     >> ===================================================================
     >> IO Statistics
     >> Interval: 120.000 secs
     >> Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
     >> Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >>                |   Column #0    |   Column #1
     >> Time            |          COUNT |          COUNT
     >> 000.000-120.000                12                4
     >> ===================================================================
     >>
     >> Best regards
     >> Joan
     >>
     >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
     >> >Hi
     >> >I am trying to use tshark for analysis of some tcp error on my network.
     >> >I intend to use the following command:
     >> >tshark -r FileToAnalyse -q -z
     >> >io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >> >
     >> >The command: tshark ....... tcp.analysis.retransmission is supposed to be on
     >> >one line to get it to work.
     >> >I tried:
     >> >-z
     >> >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >> >and
     >> >-z
     >> >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
     >> >and
     >> >-z
     >> >io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
     >> >
     >> >If I use it just like this:
     >> >-z
     >> >io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >> >
     >> >I get this:
     >> >bash: syntax error near unexpected token `('
     >> >
     >> >Only if I run the command in a DOS prompt in Windows, it will work fine.
     >> >-z
     >> >io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >> >
     >> >
     >> >--
     >> >Best regards
     >> >Rikard Svenningsen
     >> >Denmark
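
The quoting problem and the silent fallback to frames/bytes columns seen in this thread, as an added shell example that is not part of any poster's message. The function names are hypothetical, the table layout parsed is the one quoted above from TShark 1.2.2, and running under `LC_ALL=C` to get "." as decimal symbol is an assumption, not a fix confirmed in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# Build the one word that follows -z: io,stat,<interval>,COUNT(f)f,COUNT(g)g,...
iostat_arg() {
    interval=$1; shift
    arg="io,stat,$interval"
    for field in "$@"; do
        arg="$arg,COUNT($field)$field"   # "(" is harmless inside a quoted string
    done
    printf '%s\n' "$arg"
}

# Run tshark with the argument passed as a single quoted word, so bash never
# parses the "(" itself. LC_ALL=C gives the process "." as decimal symbol
# (assumption: that is enough for the decimal-symbol issue Joan points to).
iostat_run() {
    capture=$1; shift
    LC_ALL=C tshark -r "$capture" -q -z "$(iostat_arg "$@")"
}

# Failure mode from Rikard's output: the COUNT() columns silently become
# frames|bytes. Succeeds only when the header row carries COUNT columns.
iostat_has_counts() { grep -q '^Time .*COUNT'; }

# Reduce the table layout quoted in this thread to one line per interval:
# "<start> <end> <col0> <col1> ...". All other lines are ignored.
iostat_rows() {
    awk '$1 ~ /^[0-9]+[.][0-9]+-[0-9]+[.][0-9]+$/ {
        split($1, t, "-")
        line = t[1] " " t[2]
        for (i = 2; i <= NF; i++) line = line " " $i
        print line
    }'
}

# Sample rows copied from the two outputs quoted in the thread.
SAMPLE_OK='Time            |          COUNT |          COUNT
000.000-120.000                12                4'
SAMPLE_FALLBACK='Time            |frames|  bytes
000.000-120.000    2659    732369
120.000-240.000    8025   2373944'

printf '%s\n' "$SAMPLE_OK" | iostat_rows
```

Checking the header with `iostat_has_counts` before trusting the numbers keeps a frames/bytes fallback from being read as retransmission counts.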