["Bland Chuck-CNGR85" <Chuck.Bland@xxxxxxxxxxxx>]

Ronnie,

 

The filter is tcp.len>0 and tcp.dstport==4176 and the COUNT(*) variable is "tcp".

 

The graph is a flat line at 0.

 

If I apply the filter as a display filter, I get lots of packets displayed, so I know the count isn't really zero.

 

What did I miss?

 

Chuck

---

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of ronnie sahlberg
Sent: Friday, March 06, 2009 12:44 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Advanced Graph COunting

If you want to count how many packets there were  just specify 
"tcp" (or any field really would work) and it will count how many frames there 
are containing tcp.

If you want to count how many bytes were carried 
inside tcp use SUM(tcp.len) since this will add toghether all tcp.len fields it 
finds.

On Sat, Mar 7, 2009 at 7:28 AM, Bland Chuck-CNGR85 <Chuck.Bland@xxxxxxxxxxxx> wrote:

In an Advanced IO Graph, I have set the filter to tcp.len>0 to give me packets that have data. Now, I want to display how many in each time period made it through that filter. I presume I use a COUNT(*) graph, but what variable do I use?

 

Chuck Bland

 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe