Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 29 Nov 2009 17:23:28 +0100
Hi,You don't have to be. Just look at the man page, write the paragraph you think is missing, and sent it in. If you say where it goes, we'll work it into the man page.
Thanks, Jaap Rikard Svenningsen wrote:
I am just a plain user, I got no programming skills for that level of programming. But if possible I could on the other hand write a path to the man page, if that's what you mean?2009/11/29 Jaap Keuter <jaap.keuter@xxxxxxxxx <mailto:jaap.keuter@xxxxxxxxx>>Hi, You could write a patch based on your experiences. Thanks, Jaap Rikard Svenningsen wrote: > Bye the way. > Would it be possible to let this bug be know as a workaround on the man > page, and the syntax -z io,stat,120,"COUNT(smb.time)smb.time" should get > more focus because it's not obvious to all that's the way you have to do > it on Linux/Unix. > > I have being trying to figure out why it's not worked for me in almost a > year now..... > > So if it was more know to the public more people would benefit from the > workaround and the syntax information. > > Best Regards > Rikard Svenningsen > > > 2009/11/29 j.snelders <j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx> <mailto:j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx>>> > > Hi Rikard, > > Do you use the , as decimal symbol? > You have to use the . as decimal symbol. > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880 > > Please check > Settings -> Control Pannel -> Regional And Language Options > > Regards > Joan > > > On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote: > > > >Now I have tried this: > >tshark -r test_b_hour09.cap -q -z> >io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"> > > >It gives this:> >===================================================================> >IO Statistics > >Interval: 120.000 secs > >Column #0: > > | Column #0 > >Time |frames| bytes > >000.000-120.000 2659 732369 > >120.000-240.000 8025 2373944 > >This is my version of tshark: > >TShark 1.2.2 > > > >Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx <mailto:gerald@xxxxxxxxxxxxx> > <mailto:gerald@xxxxxxxxxxxxx <mailto:gerald@xxxxxxxxxxxxx>>> and contributors. > >This is free software; see the source for copying conditions. > There is NO > >warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR > PURPOSE. > > > >Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, > with POSIX > >capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with > c-ares 1.6.0, > >with > >Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with > >GeoIP. > > > >Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS > >2.8.3, > >Gcrypt 1.4.4. > > > >Built using gcc 4.4.1. > > > >It is running on Ubuntu 9.10 64 bits. version > > > > > >2009/11/28 j.snelders <j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx> > <mailto:j.snelders@xxxxxxxxxx <mailto:j.snelders@xxxxxxxxxx>>> > > > >> Hi Rikard, > >> > >> Try this one: > >> $ tshark -r test.pcap -q -z > >>> io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"> >> > >> =================================================================== > >> IO Statistics > >> Interval: 120.000 secs > >> Column #0: > COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack > >> Column #1: > COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission > >> | Column #0 | Column #1 > >> Time | COUNT | COUNT > >> 000.000-120.000 12 4 > >> =================================================================== > >> > >> Best regards > >> Joan > >> > >> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote: > >> >Hi > >> >I am trying to use tshark for analysis of some tcp error on my > network. > >> >I intent to use the following command: > >> >tshark -r FileToAnalyse -q -z > >> > >>> >io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission> >> > > >> >The command: tshark ....... tcp.analysis.retransmission is > supposed to > >be > >> >on > >> >one line to get it work. > >> >I tried: > >> >-z > >> > >>> >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"> >> >and > >> >-z > >> > >>> >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'> >> >and > >> >-z > >> > >>> >io,stat,120,COUNT\(tcp.analysis.retransmission\)tcp.analysis.retransmission> >> > > >> >If I use it just like this: > >> >-z > >>> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission> >> > > >> >I get this: > >> >bash: syntax error near unexpected token `(' > >> > > >> >Only if I run the command in a DOS prompt in Windows, it will > work fine. > >> >-z > >>> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission> >> > > >> > > >> >-- > >> >Best regards > >> >Rikard Svenningsen > >> >Denmark > ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx <mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe -- Med venlig hilsen Rikard Svenningsen Smalager 36 DK-7120 ------------------------------------------------------------------------ ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- From: Rikard Svenningsen
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- From: j.snelders
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- From: Rikard Svenningsen
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- From: Jaap Keuter
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- From: Rikard Svenningsen
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- Prev by Date: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- Next by Date: [Wireshark-users] Generating Captured Packets
- Previous by thread: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
- Next by thread: [Wireshark-users] Generating Captured Packets
- Index(es):
- Get Wireshark
- Download
- Code of Conduct