Wireshark · Wireshark-users: Re: [Wireshark-users] tshark load query

[ronnie sahlberg <ronniesahlberg@xxxxxxxxx>]

Yeah, that is a bug/warning with that plugin dissector and has nothing
to do with iostat/LOAD

regards
ronnie sahlberg


On Tue, Jun 7, 2011 at 4:17 AM, j.snelders <j.snelders@xxxxxxxxxx> wrote:
> Hi Ronnie,
>
> The problem still exists in SVN37570.
>
> $ tshark -v
>
> ** (tshark.exe:2932): WARNING **: openSAFETY - SercosIII heuristic dissector
> can
> not be registered, openSAFETY/SercosIII native dissection.
> TShark 1.7.0-SVN-37570 (SVN Rev 37570 from /trunk)
>
> Is this related to bug 5990 (SERCOS III built-in dissector (from plugin))?
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5990
>
> Thanks
> Joke
>
>
> On Mon, 6 Jun 2011 17:43:03 +0200 j.snelders wrote:
>>Hi Ronnie,
>>
>>The LOAD stats work, but with a warning.
>>I also get this warning, while running on WinXP 32-bit.
>>
>>Thanks!
>>Joke
>>
>>$ tshark -r test.pcap -qz "io,stat,360,LOAD(smb.time)smb.time"
>>
>>** (tshark.exe:2872): WARNING **: openSAFETY - SercosIII heuristic dissector
>>can
>>not be registered, openSAFETY/SercosIII native dissection.
>>
>>============================================================================
>>IO Statistics
>>Interval: 360.000000 secs
>>Column #0: LOAD(smb.time)smb.time
>>                        |    Column #0   |
>>Time                    |       LOAD     |
>>0000.000000-0360.000000         0.462096
>>0360.000000-0720.000000         0.100718
>>0720.000000-1080.000000         0.096485
>>1080.000000-1440.000000         0.035952
>>1440.000000-1800.000000         0.080976
>>1800.000000-2160.000000         0.008415
>>============================================================================
>>
>>$ tshark -r test.pcap -qz "io,stat,720,LOAD(smb.time)smb.time"
>>
>>** (tshark.exe:2536): WARNING **: openSAFETY - SercosIII heuristic dissector
>>can
>>not be registered, openSAFETY/SercosIII native dissection.
>>
>>============================================================================
>>IO Statistics
>>Interval: 720.000000 secs
>>Column #0: LOAD(smb.time)smb.time
>>                        |    Column #0   |
>>Time                    |       LOAD     |
>>0000.000000-0720.000000         0.281407
>>0720.000000-1440.000000         0.066218
>>1440.000000-2160.000000         0.044695
>>============================================================================
>>
>>$ tshark -v
>>
>>** (tshark.exe:2616): WARNING **: openSAFETY - SercosIII heuristic dissector
>>can
>>not be registered, openSAFETY/SercosIII native dissection.
>>TShark 1.7.0-SVN-37568 (SVN Rev 37568 from /trunk)
>>
>>Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
>>This is free software; see the source for copying conditions. There is NO
>>warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>
>>Compiled (64-bit) with GLib 2.26.1, with WinPcap (version unknown), with
>>libz
>>1.2.5, without POSIX capabilities, without libpcre, without SMI, with c-ares
>>1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6,
>>without Kerberos, with GeoIP.
>>
>>Running on Windows Server 2003 x64 Edition Service Pack 1, build 3790, with
>>WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap
> version
>>1.0 branch 1_0_rel0b (20091008).
>>
>>Built using Microsoft Visual C++ 9.0 build 21022
>>
>>
>>On Mon, 6 Jun 2011 20:37:39 +1000 ronnie sahlberg wrote:
>>>I have checked in to trunk an enhancement to add LOAD() stats to tshark
>>too.
>>>
>>>LOAD() is shown as units of commands.
>>>1.000 represents one I/O  which is different from the GUI graph where
>>>one I/O is represented as 1000
>>>
>>>
>>>
>>>Looks like this:
>>>
>>>./tshark -n -r ../captures/smbwrite.cap -z
>>>"io,stat,0.001,LOAD(smb.time)smb.time" -q
>>>
>>>...
>>>
>>>============================================================================
>>>IO Statistics
>>>Interval:   0.001000 secs
>>>Column #0: LOAD(smb.time)smb.time
>>>                        |    Column #0   |
>>>Time                    |       LOAD     |
>>>0000.000000-0000.001000         1.000000
>>>0000.001000-0000.002000         0.741000
>>>0000.002000-0000.003000         0.000000
>>>
>>>...
>>>
>>>
>>>have fun
>>>ronnie sahlberg
>>>
>>>On Mon, Jun 6, 2011 at 4:15 PM, ronnie sahlberg
>>><ronniesahlberg@xxxxxxxxx> wrote:
>>>> Hmm. ? tap-iostat.c for tshark does not support this.
>>>>
>>>> I must have had a private branch I forgot to commit.
>>>>
>>>>
>>>> Ill have a look and see if i can locate it, or else I might just
>>>> reimplement it again.
>>>>
>>>> regards
>>>> ronnie sahlberg
>>>>
>>>>
>>>> On Mon, Jun 6, 2011 at 3:46 AM, j.snelders <j.snelders@xxxxxxxxxx> wrote:
>>>>> Are you referring to the presentation at the Storage Developer Conference
>>>>> 2008:
>>>>> slide 69 - ?LOAD graphs?
>>>>>
>>>>> Hopefully Ronnie Sahlberg reads your question...
>>>>> I too like to know the answer.
>>>>>
>>>>> Best regards
>>>>> Joke
>>>>>
>>>>> On Sun, 5 Jun 2011 17:05:27 +0300 Tal Bar-Or wrote:
>>>>>>To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>>>>>>Subject: Re: [Wireshark-users] tshark load query
>>>>>
>>>>>>Hello j.snelders
>>>>>>
>>>>>>Thanks you for the response , i did looked into the man-pages and saw
>>>its
>>>>>>not specified but recently i read RonnieSahlberg Using Wireshark For
>>>>>>Analyzing CIFS
>>>>>>Traffic PDF.
>>>>>>
>>>>>>And in the PDF he gives examples of tshark query and specifying that
>>this
>>>>>>kind of query is possible with tshark "*QUEUE DEPTH analysis can also
>>>be
>>>>>>done by tshark*." so this is why i am looking for it
>>>>>>need it for a script that i am writing.
>>>>>>
>>>>>>Thanks
>>>>>>
>>>>>>
>>>>>>On Sun, Jun 5, 2011 at 4:34 PM, j.snelders <j.snelders@xxxxxxxxxx> wrote:
>>>>>>
>>>>>>> Hi Tal Bar-Or,
>>>>>>>
>>>>>>> According to the man-pages this option is only available in Wireshark
>>>>> and
>>>>>>> not in TShark.
>>>>>>>
>>>>>>> http://www.wireshark.org/docs/man-pages/wireshark.html
>>>>>>> "advanced..." If Unit:advanced... is selected the window will display
>>>>> two
>>>>>>> more controls for each of the five graphs. One control will be a menu
>>>>> where
>>>>>>> the type of calculation can be selected from SUM,COUNT,MAX,MIN,AVG
>>and
>>>>>>> LOAD,
>>>>>>> and one control, textbox, where the name of a single display filter
>>>field
>>>>>>> can be specified.
>>>>>>>
>>>>>>> http://www.wireshark.org/docs/man-pages/tshark.html
>>>>>>> io,stat can also do much more statistics and calculate COUNT(), SUM(),
>>>>>>> MIN(),
>>>>>>> MAX(), and AVG() using a slightly different filter syntax:
>>>>>>>
>>>>>>> ?[COUNT|SUM|MIN|MAX|AVG](<field>)<filter>
>>>>>>>
>>>>>>> My best
>>>>>>> Joke
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> >Date: Sun, 5 Jun 2011 14:33:54 +0300 Tal Bar-Or wrote:
>>>>>>> >Hello all,
>>>>>>> >
>>>>>>> >I am trying to produce same query as sown in image with tshark.
>>>>>>> >Please advice
>>>>>>> >
>>>>>>> >Thanks
>>>>>>> >
>>>>>>> >--
>>>>>>> >Tal Bar-or
>
>
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>