Wireshark · Wireshark-users: [Wireshark-users] tshark -z conv, type no sorting according to the total number of bytes

Wireshark-users: [Wireshark-users] tshark -z conv, type no sorting according to the total number

From: Markus Amend <markusa@xxxxxxxxxx>

Date: Thu, 02 Feb 2012 08:39:08 +0100

Hello,

in manual to tshark "-z conv,type" function stands:

"The table is presented with one line for each conversation and displaysthe number of packets/bytes in each direction as well as the totalnumber of packets/bytes. The table is sorted according to the totalnumber of bytes."

Tested with "tshark -r pcap_file -z conv, ip", "tshark -r pcap_file -zconv, udp", "tshark -r pcap_file -z conv, tcp", there is no sorting tothe total number of bytes, but to the toal number of frames.


Look at:

                                                                          | <-      | |       ->      | |     Total     |

| Frames Bytes | |Frames Bytes | | Frames Bytes |xxx:nfs <-> ggg:933 1343 1176990 1666 11579283009 2334918yyy:51290 <-> ccc:http-alt 1104 1004903 1104 728642208 1077767hhh:nfs <-> mmm:919 687 49210 1334 1997824 20212047034


This is verified with tshark v1.0.5 and v1.6.5.

Greetings

Follow-Ups:
- Re: [Wireshark-users] tshark -z conv, type no sorting according to the total number of bytes
  - From: Christopher Maynard

Next by Date: [Wireshark-users] Is there any wireshark version that can support 802.11u or any patch to support it?
Next by thread: Re: [Wireshark-users] tshark -z conv, type no sorting according to the total number of bytes
Index(es):
- Date
- Thread