Home page logo
/

wireshark logo Wireshark mailing list archives

Re: tshark load query
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Tue, 7 Jun 2011 20:28:56 +1000

Yeah, that is a bug/warning with that plugin dissector and has nothing
to do with iostat/LOAD

regards
ronnie sahlberg


On Tue, Jun 7, 2011 at 4:17 AM, j.snelders <j.snelders () telfort nl> wrote:
Hi Ronnie,

The problem still exists in SVN37570.

$ tshark -v

** (tshark.exe:2932): WARNING **: openSAFETY - SercosIII heuristic dissector
can
not be registered, openSAFETY/SercosIII native dissection.
TShark 1.7.0-SVN-37570 (SVN Rev 37570 from /trunk)

Is this related to bug 5990 (SERCOS III built-in dissector (from plugin))?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5990

Thanks
Joke


On Mon, 6 Jun 2011 17:43:03 +0200 j.snelders wrote:
Hi Ronnie,

The LOAD stats work, but with a warning.
I also get this warning, while running on WinXP 32-bit.

Thanks!
Joke

$ tshark -r test.pcap -qz "io,stat,360,LOAD(smb.time)smb.time"

** (tshark.exe:2872): WARNING **: openSAFETY - SercosIII heuristic dissector
can
not be registered, openSAFETY/SercosIII native dissection.

============================================================================
IO Statistics
Interval: 360.000000 secs
Column #0: LOAD(smb.time)smb.time
                       |    Column #0   |
Time                    |       LOAD     |
0000.000000-0360.000000         0.462096
0360.000000-0720.000000         0.100718
0720.000000-1080.000000         0.096485
1080.000000-1440.000000         0.035952
1440.000000-1800.000000         0.080976
1800.000000-2160.000000         0.008415
============================================================================

$ tshark -r test.pcap -qz "io,stat,720,LOAD(smb.time)smb.time"

** (tshark.exe:2536): WARNING **: openSAFETY - SercosIII heuristic dissector
can
not be registered, openSAFETY/SercosIII native dissection.

============================================================================
IO Statistics
Interval: 720.000000 secs
Column #0: LOAD(smb.time)smb.time
                       |    Column #0   |
Time                    |       LOAD     |
0000.000000-0720.000000         0.281407
0720.000000-1440.000000         0.066218
1440.000000-2160.000000         0.044695
============================================================================

$ tshark -v

** (tshark.exe:2616): WARNING **: openSAFETY - SercosIII heuristic dissector
can
not be registered, openSAFETY/SercosIII native dissection.
TShark 1.7.0-SVN-37568 (SVN Rev 37568 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.1, with WinPcap (version unknown), with
libz
1.2.5, without POSIX capabilities, without libpcre, without SMI, with c-ares
1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6,
without Kerberos, with GeoIP.

Running on Windows Server 2003 x64 Edition Service Pack 1, build 3790, with
WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap
version
1.0 branch 1_0_rel0b (20091008).

Built using Microsoft Visual C++ 9.0 build 21022


On Mon, 6 Jun 2011 20:37:39 +1000 ronnie sahlberg wrote:
I have checked in to trunk an enhancement to add LOAD() stats to tshark
too.

LOAD() is shown as units of commands.
1.000 represents one I/O  which is different from the GUI graph where
one I/O is represented as 1000



Looks like this:

./tshark -n -r ../captures/smbwrite.cap -z
"io,stat,0.001,LOAD(smb.time)smb.time" -q

...

============================================================================
IO Statistics
Interval:   0.001000 secs
Column #0: LOAD(smb.time)smb.time
                       |    Column #0   |
Time                    |       LOAD     |
0000.000000-0000.001000         1.000000
0000.001000-0000.002000         0.741000
0000.002000-0000.003000         0.000000

...


have fun
ronnie sahlberg

On Mon, Jun 6, 2011 at 4:15 PM, ronnie sahlberg
<ronniesahlberg () gmail com> wrote:
Hmm. ? tap-iostat.c for tshark does not support this.

I must have had a private branch I forgot to commit.


Ill have a look and see if i can locate it, or else I might just
reimplement it again.

regards
ronnie sahlberg


On Mon, Jun 6, 2011 at 3:46 AM, j.snelders <j.snelders () telfort nl> wrote:
Are you referring to the presentation at the Storage Developer Conference
2008:
slide 69 - ?LOAD graphs?

Hopefully Ronnie Sahlberg reads your question...
I too like to know the answer.

Best regards
Joke

On Sun, 5 Jun 2011 17:05:27 +0300 Tal Bar-Or wrote:
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark load query

Hello j.snelders

Thanks you for the response , i did looked into the man-pages and saw
its
not specified but recently i read RonnieSahlberg Using Wireshark For
Analyzing CIFS
Traffic PDF.

And in the PDF he gives examples of tshark query and specifying that
this
kind of query is possible with tshark "*QUEUE DEPTH analysis can also
be
done by tshark*." so this is why i am looking for it
need it for a script that i am writing.

Thanks


On Sun, Jun 5, 2011 at 4:34 PM, j.snelders <j.snelders () telfort nl> wrote:

Hi Tal Bar-Or,

According to the man-pages this option is only available in Wireshark
and
not in TShark.

http://www.wireshark.org/docs/man-pages/wireshark.html
"advanced..." If Unit:advanced... is selected the window will display
two
more controls for each of the five graphs. One control will be a menu
where
the type of calculation can be selected from SUM,COUNT,MAX,MIN,AVG
and
LOAD,
and one control, textbox, where the name of a single display filter
field
can be specified.

http://www.wireshark.org/docs/man-pages/tshark.html
io,stat can also do much more statistics and calculate COUNT(), SUM(),
MIN(),
MAX(), and AVG() using a slightly different filter syntax:

?[COUNT|SUM|MIN|MAX|AVG](<field>)<filter>

My best
Joke



Date: Sun, 5 Jun 2011 14:33:54 +0300 Tal Bar-Or wrote:
Hello all,

I am trying to produce same query as sown in image with tshark.
Please advice

Thanks

--
Tal Bar-or





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]