-z io,stat,100,AVG(frame.pkt_len)frame.pkt_len
should work. There was a message some time ago that indicated that there was something wrong with
frame.xxx fields.
Can you try using a different field to look for averages instead of the frame.pkt_len field ?
Also do put the line inside quotes to not make your shell surprised :
-z "io,stat,100,AVG(frame.pkt_len)frame.pkt_len"
On 10/12/05, Niklas Abrahamsson (KI/EAB) <
niklas.abrahamsson@xxxxxxxxxxxx> wrote:woops,
pressed the wrong button and sent the mail unfinished.
what I was intending to write was that I thought that:
-r 1.dump -z io,stat,100,AVG(frame.pkt_len)frame.pkt_len
would get me the average packetsize of all the packets in the dump. but it doesn't. it just gives the same result as
-r 1.dump -z io,stat,100
and only gives an output of number of frames and total bytes.
anyone know what I'm doing wrong here? And yes, I am realy new to this kind of work.
Thanks,
Nicklas
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx
]On Behalf Of Ulf Lamping
Sent: den 10 oktober 2005 14:47
To: ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] Is ethereal the right software for me?
Ethereal user support <ethereal-users@xxxxxxxxxxxx> schrieb am 10.10.05 14:05:35:
>
>
Does anyone know of a good tethereal guide somewhere? I'm sitting with
the manual for it now and it is somewhat confusing at times. Not really
sure what kind of statistics I will be able to get out of the dumps
with tethereal. Oh and another question not regarding the usage of
ethereal but maybe anyone of you know anyway. I was looking to split
some of the tcpdump-files I have so that I could open them in ethereal
(the computer cant handle the large files as they are now). I tried
using tcpslice but whatever timestamp range I use I only get a 24k file
without any valid information. Its either that or getting a copy of the
dumpfile if I specify a timestamp range outside the stamps of the file.
Anyone know what the problem could be?
>
There's no real
tethereal specific guide (except for the man page). May I suggest that
you use Ethereal to get yourself comfortable with the various
statistics as the "visual approach" might be a lot faster and the stats
should be equal for Ethereal and Tethereal. You can later use Tethereal
for "production purpose".
There should be statistics documentation at: http://wiki.ethereal.com/Statistics but the various Statistics devlopers doesn't tend to document their work :-(
I think editcap can split capture files, but I didn't do that myself ...
Regards, ULFL
______________________________________________________________________
XXL-Speicher, PC-Virenschutz, Spartarife & mehr: Nur im
WEB.DE Club!
Jetzt gratis testen! http://freemail.web.de/home/landingpad/?mc=021130
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users