On 3 nov 2010, at 15:36, Tal Bar-Or wrote:
> i have following query to produce graph for SMB request using it at "Wireshark IO graph" that i would like to get it in table in console Tshark i tried few possibility without success , my question is it possible with Tshark?
Does this look like what you'd like to achieve?
sake@macsake:/tmp$ tshark -nlr smb.cap -R "(smb.flags.response == 1)" -qz io,stat,10,"COUNT(smb.time)smb.time","MIN(smb.time)smb.time","AVG(smb.time)smb.time","MAX(smb.time)smb.time"
===================================================================
IO Statistics
Interval: 10.000 secs
Column #0: COUNT(smb.time)smb.time
Column #1: MIN(smb.time)smb.time
Column #2: AVG(smb.time)smb.time
Column #3: MAX(smb.time)smb.time
| Column #0 | Column #1 | Column #2 | Column #3
Time | COUNT | MIN | AVG | MAX
000.000-010.000 144 0.020 0.027 0.138
010.000-020.000 251 0.020 0.027 0.087
020.000-030.000 104 0.021 0.053 2.949
030.000-040.000 97 0.021 0.183 2.642
040.000-050.000 49 0.022 0.041 0.207
050.000-060.000 17 0.021 3.454 33.465
060.000-070.000 7 0.021 0.023 0.027
===================================================================
sake@macsake:/tmp$
Cheers,
Sake
