Wireshark · Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.anal

Wireshark-users: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.du

From: Rikard Svenningsen <wireshark@xxxxxxxxxxxxxx>

Date: Sun, 29 Nov 2009 10:57:04 +0100

Now I have tested on a Linux running DK languish as you stated would not work and you are right, running UK languish then it works fine.
It seems to bee right about the decimal point being , and it wont work... even it's not on Windows.

Thanks for your help.

Best regards
Rikard Svenningsen.

2009/11/29 j.snelders <j.snelders@xxxxxxxxxx>

Hi Rikard,

Do you use the , as decimal symbol?
You have to use the . as decimal symbol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880

Please check
Settings -> Control Pannel -> Regional And Language Options

Regards
Joan

On Sun, 29 Nov 2009 00:05:28 +0100 Rikard wrote:
>
>Now I have tried this:
>tshark -r test_b_hour09.cap -q -z
>io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>
>It gives this:
>===================================================================
>IO Statistics
>Interval: 120.000 secs
>Column #0:
> | Column #0
>Time |frames| bytes
>000.000-120.000 2659 732369
>120.000-240.000 8025 2373944
>This is my version of tshark:
>TShark 1.2.2
>
>Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
>This is free software; see the source for copying conditions. There is NO
>warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
>Compiled with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX
>capabilities (Linux), with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0,
>with
>Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos, with
>GeoIP.
>
>Running on Linux 2.6.31-15-generic, with libpcap version 1.0.0, GnuTLS
>2.8.3,
>Gcrypt 1.4.4.
>
>Built using gcc 4.4.1.
>
>It is running on Ubuntu 9.10 64 bits. version
>
>
>2009/11/28 j.snelders <j.snelders@xxxxxxxxxx>
>
>> Hi Rikard,
>>
>> Try this one:
>> $ tshark -r test.pcap -q -z
>> io,stat,120,"COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>>
>> ===================================================================
>> IO Statistics
>> Interval: 120.000 secs
>> Column #0: COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
>> Column #1: COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>> | Column #0 | Column #1
>> Time | COUNT | COUNT
>> 000.000-120.000 12 4
>> ===================================================================
>>
>> Best regards
>> Joan
>>
>> On Sat, 28 Nov 2009 14:23:20 +0100 Rikard Svenningsen wrote:
>> >Hi
>> >I am trying to use tshark for analysis of some tcp error on my network.
>> >I intent to use the following command:
>> >tshark -r FileToAnalyse -q -z
>>
>> >io,stat,120,COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>> >
>> >The command: tshark ....... tcp.analysis.retransmission is supposed to
>be
>> >on
>> >one line to get it work.
>> >I tried:
>> >-z
>>
>> >"io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission"
>> >and
>> >-z
>>
>> >'io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission'
>> >and
>> >-z
>>
>> >io,stat,120,COUNT$tcp.analysis.retransmission$tcp.analysis.retransmission
>> >
>> >If I use it just like this:
>> >-z
>> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>> >
>> >I get this:
>> >bash: syntax error near unexpected token `('
>> >
>> >Only if I run the command in a DOS prompt in Windows, it will work fine.
>> >-z
>> io,stat,120,COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission
>> >
>> >
>> >--
>> >Best regards
>> >Rikard Svenningsen
>> >Denmark

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

--
Med venlig hilsen
Rikard Svenningsen
Smalager 36
DK-7120

References:
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
  - From: Rikard Svenningsen
- Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
  - From: j.snelders

Prev by Date: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Next by Date: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Previous by thread: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Next by thread: Re: [Wireshark-users] regarding tshark option -z io, stat, COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack
Index(es):
- Date
- Thread