Wireshark mailing list archives
Re: tshark iostat calculation
From: Stuart Kendrick <skendric () fhcrc org>
Date: Sun, 06 Nov 2011 13:47:07 -0800
Hi Joke,
OK, so I'm learning here, about preferences, for example -- thank you.
Seems to me that both of us are seeing a value of 0 for SUM because ...
per the snippet of man page you include ... SUM only adds fields of type
integer ... and tcp.time_delta is of type float ... am I correct here?
i.e. I can use the GUI to SUM tcp.time_delta, but I cannot use tshark to do
this. Yes?
guru> tshark -nlr smbv2-copy.pcap -o tcp.calculate_timestamps:TRUE -R "(tcp.dstport==445)"
-qz io,stat,600,"MIN(tcp.time_delta)tcp.time_delta"
-qz io,stat,600,"SUM(tcp.time_delta)tcp.time_delta"
-qz io,stat,600,"MAX(tcp.time_delta)tcp.time_delta"
-qz io,stat,600,"AVG(tcp.time_delta)tcp.time_delta"
-qz io,stat,600,"COUNT(tcp.time_delta)tcp.time_delta"
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0: COUNT(tcp.time_delta)tcp.time_delta
| Column #0
Time | COUNT
000.000-600.000 5784
===================================================================
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0: AVG(tcp.time_delta)tcp.time_delta
| Column #0
Time | AVG
000.000-600.000 0.005
===================================================================
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0: MAX(tcp.time_delta)tcp.time_delta
| Column #0
Time | MAX
000.000-600.000 15.740
===================================================================
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0: SUM(tcp.time_delta)tcp.time_delta
| Column #0
Time | SUM
000.000-600.000 0
===================================================================
===================================================================
IO Statistics
Interval: 600.000 secs
Column #0: MIN(tcp.time_delta)tcp.time_delta
| Column #0
Time | MIN
000.000-600.000 0.000
===================================================================
guru>
On 11/6/2011 10:31 AM, j.snelders wrote:
Hi Stuart,

To check whether tshark is using TCP timestamps run:
$ tshark -G currentprefs | grep tcp.calculate_timestamps
#tcp.calculate_timestamps: FALSE

To enable TCP timestamps use:
tshark -r FS01.pcap -o tcp.calculate_timestamps:TRUE -R "(tcp.dstport==445)"
-qz io,stat,600,"MIN(tcp.time_delta)tcp.time_delta"
-qz io,stat,600,"SUM(tcp.time_delta)tcp.time_delta"
-z io,stat,600,"MAX(tcp.time_delta)tcp.time_delta"
-z io,stat,600,"AVG(tcp.time_delta)tcp.time_delta"
-z io,stat,600,"COUNT(tcp.time_delta)tcp.time_delta"
[...]
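An added example, not part of the original thread: where io,stat prints 0 for SUM on tcp.time_delta as in the output above, the same five statistics can be computed per interval from the exported field values. It assumes tab-separated input as produced by `tshark -T fields -e frame.time_relative -e tcp.time_delta` (with the same `-o tcp.calculate_timestamps:TRUE` preference and filter as in the thread); the function name `float_iostat` and the sample values are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of the assumed two-column export:
# frame.time_relative <TAB> tcp.time_delta
# The third line has an empty tcp.time_delta, as a packet without that field would.
SAMPLE = (
    "0.000000\t0.000000\n"
    "0.004000\t0.004000\n"
    "0.500000\t\n"
    "15.744000\t15.740000\n"
    "601.250000\t0.250000\n"
    "601.375000\t0.125000\n"
)

def float_iostat(lines, interval=600.0):
    """Return {interval_start: {COUNT, MIN, MAX, AVG, SUM}} for a float field."""
    buckets = defaultdict(list)
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 2 or not fields[0] or not fields[1]:
            continue  # field not present in this packet: nothing to count
        start = int(float(fields[0]) // interval) * interval
        # With tshark's default aggregator, a field that occurs more than
        # once in one packet is exported as comma-separated values.
        for value in fields[1].split(","):
            buckets[start].append(float(value))
    stats = {}
    for start in sorted(buckets):
        vals = buckets[start]
        total = math.fsum(vals)  # avoids drift when summing many small deltas
        stats[start] = {
            "COUNT": len(vals),
            "MIN": min(vals),
            "MAX": max(vals),
            "AVG": total / len(vals),
            "SUM": total,
        }
    return stats

if __name__ == "__main__":
    for start, s in float_iostat(SAMPLE.splitlines()).items():
        print(f"{start:07.3f}-{start + 600.0:07.3f} "
              f"COUNT={s['COUNT']} MIN={s['MIN']:.3f} MAX={s['MAX']:.3f} "
              f"AVG={s['AVG']:.3f} SUM={s['SUM']:.3f}")
```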
