Hello @all,
I need help regarding the Wireshark statistics function. I would like to analyze the TCP retransmissions in relation to time. Therefore I wrote a script with the following command:
tshark -r example.pcap -qz io,stat,1,0,sum(tcp.analysis.retransmission)"ip.addr==10.10.10.10" > stat.txt
The first issue: There is a difference between “sum()” and “SUM()”:
tshark: tcp.analysis.retransmission doesn't have integral values, so SUM(*) calculations are not supported on it.
…with “sum()” and tshark 0.99.7 I got some stats.
The second issue: The releases 0.99.8 and 1.0 work with neither “sum()” nor “SUM()”:
tshark: Couldn't register io,stat tap: Filter "sum(tcp.analysis.retransmission)ip.addr==10.10.10.10" is invalid - Syntax error.
Could anybody help me or explain this issue?
Regards,
Michael