Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 29 Nov 2009 17:23:28 +0100
Hi,

You don't have to be. Just look at the man page, write the paragraph you think is missing, and send it in. If you say where it goes, we'll work it into the man page.

Thanks,
Jaap


Rikard Svenningsen wrote:
I am just a plain user, I have no programming skills for that level of programming. But if possible I could on the other hand write a patch to the man page, if that's what you mean?


2009/11/29 Jaap Keuter <jaap.keuter@xxxxxxxxx>

    Hi,

    You could write a patch based on your experiences.

    Thanks,
    Jaap

    Rikard Svenningsen wrote:
     > By the way.
     > Would it be possible to let this bug be known as a workaround on the man
     > page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get
     > more focus because it's not obvious to all that's the way you have to do
     > it on Linux/Unix.
     >
     > I have been trying to figure out why it's not worked for me in almost a
     > year now.....
     >
     > So if it was more known to the public more people would benefit from the
     > workaround and the syntax information.
     >
     > Best Regards
     > Rikard Svenningsen
     >
     >
     > 2009/11/29 j.snelders <j.snelders@xxxxxxxxxx>
     >
     >     Hi Rikard,
     >
     >     Do you use the , as decimal symbol?
     >     You have to use the . as decimal symbol.
     >     https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880
     >
     >     Please check
     >     Settings -> Control Panel -> Regional And Language Options
     >
     >     Regards
     >     Joan
     >
     >
     >     On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:
     >      >
     >      >Now I have tried this:
     >      >tshark -r test_b_hour09.cap -q -z io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >      >
     >      >It gives this:
     >      >===================================================================
     >      >IO Statistics
     >      >Interval: 120.000 secs
     >      >Column #0:
     >      >                |   Column #0
     >      >Time            |frames|  bytes
     >      >000.000-120.000    2659    732369
     >      >120.000-240.000    8025   2373944
     >      >This is my version of tshark:
     >      >TShark 1.2.2
     >      >
     >      >Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
     >      >This is free software; see the source for copying conditions. There is NO
     >      >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     >      >
     >      >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
     >      >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0,
     >      >with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with
     >      >GeoIP.
     >      >
     >      >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS
     >      >2.8.3, Gcrypt 1.4.4.
     >      >
     >      >Built using gcc 4.4.1.
     >      >
     >      >It is running on Ubuntu 9.10, 64-bit version
     >      >
     >      >
     >      >2009/11/28 j.snelders <j.snelders@xxxxxxxxxx>
     >      >
     >      >> Hi Rikard,
     >      >>
     >      >> Try this one:
     >      >> $ tshark -r test.pcap -q -z io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >      >>
     >      >> ===================================================================
     >      >> IO Statistics
     >      >> Interval: 120.000 secs
     >      >> Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
     >      >> Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >      >>                |   Column #0    |   Column #1
     >      >> Time            |          COUNT |          COUNT
     >      >> 000.000-120.000                12                4
     >      >> ===================================================================
     >      >>
     >      >> Best regards
     >      >> Joan
     >      >>
     >      >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
     >      >> >Hi
     >      >> >I am trying to use tshark for analysis of some tcp error on my network.
     >      >> >I intend to use the following command:
     >      >> >tshark -r FileToAnalyse -q -z io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >      >> >
     >      >> >The command: tshark ....... tcp.analysis.retransmission is supposed to be on
     >      >> >one line to get it to work.
     >      >> >I tried:
     >      >> >-z "io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
     >      >> >and
     >      >> >-z 'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
     >      >> >and
     >      >> >-z io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
     >      >> >
     >      >> >If I use it just like this:
     >      >> >-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >      >> >
     >      >> >I get this:
     >      >> >bash: syntax error near unexpected token `('
     >      >> >
     >      >> >Only if I run the command in a DOS prompt in Windows, it will work fine.
     >      >> >-z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
     >      >> >
     >      >> >
     >      >> >--
     >      >> >Best regards
     >      >> >Rikard Svenningsen
     >      >> >Denmark
     >

    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe




--
Best regards
Rikard Svenningsen
Smalager 36
DK-7120
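
The quoting forms tried in this thread, compared side by side as an added example (not part of any poster's message). `show_z_arg` is a hypothetical stand-in for tshark that reports the argument count and the word following `-z`; `test.pcap` is only a placeholder name and is never opened.

```shell
#!/bin/sh
# Added example. show_z_arg is a hypothetical stand-in for tshark: it prints
# "<argument count>|<word following -z>" so each quoting form can be compared.
show_z_arg() {
    n=$#
    z=
    while [ $# -gt 1 ]; do
        if [ "$1" = "-z" ]; then z=$2; fi
        shift
    done
    printf '%s|%s\n' "$n" "$z"
}

# Whole argument in double quotes.
form_double() {
    show_z_arg -r test.pcap -q -z "io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
}
# Whole argument in single quotes.
form_single() {
    show_z_arg -r test.pcap -q -z 'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
}
# Backslash before each parenthesis.
form_escaped() {
    show_z_arg -r test.pcap -q -z io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission
}
# Only the COUNT(...) part in double quotes.
form_inner() {
    show_z_arg -r test.pcap -q -z io,stat,120,"COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
}

# Unquoted parentheses: the shell refuses to parse the line, so the program
# named on it is never started. -n asks the shell to parse without executing.
unquoted_rejected() {
    sh_bin=sh
    if command -v bash >/dev/null 2>&1; then sh_bin=bash; fi
    if "$sh_bin" -n -c 'tshark -q -z io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission' 2>/dev/null; then
        return 1
    fi
    return 0
}

for f in form_double form_single form_escaped form_inner; do
    printf '%-13s %s\n' "$f" "$("$f")"
done
if unquoted_rejected; then echo "unquoted      rejected by the shell"; fi
```

All four quoted forms hand the program the identical `-z` word, so when quoted runs still produce different output from one system to another, the shell quoting is not the cause; the thread's other lead is the decimal-symbol setting (bug 2880).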

