Wireshark-users: Re: [Wireshark-users] Trying to compare two traces at both server and client sid

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 07 Mar 2011 19:52:21 +0100
Hi,

Just had a quick look. Seems to be right, but a generic solution would be nice.

Thanks,
Jaap

On 03/07/2011 04:31 PM, Jeff Morriss wrote:

We had similar problems with io,stat from the command line:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2880

That was eventually fixed in rev 34926, so I would imagine same solution
could be used here.

Jaap Keuter wrote:
Hi,

The compare feature is driven from the command line option:
"compare,%d,%d,%d,%d,%lf,%n". This format is scanned from the
parameters, either from the command line or the dialog. The problem is
that the time variance parameter is a floating point, where the
separator is expected to be a '.'. If your locale has ',' as separator
you end up with the partial bit of the time variance as part of the
filter, like you see.

Thanks,
Jaap

On 03/06/2011 11:16 AM, Bartosz Kiziukiewicz wrote:
Hi Jaap,

it seems to be it (or at least close to it).
I'm using Windows 7 Professional 32-bit Polish
with Polish locale set.

I also checked it on the Windows 7 Ultimate EN on VMware machine and the
Compare feature works.
Is there any way to fix it on my OS (other than changing system
settings)?

Cheers,
Bartosz.



On Sun, 06 Mar 2011 10:11:03 +0100, Jaap Keuter <jaap.keuter@xxxxxxxxx>
wrote:

Hi,

What's your locale?

Thanks,
Jaap

On 03/04/2011 09:53 AM, Bartosz Kiziukiewicz wrote:
Hi,

I'm trying to use Wireshark "Version 1.4.3 (SVN Rev 35482 from
/trunk-1.4)" under Windows 7 OS to compare two packet
traces that were made at (lets say) a server and a client side.
There's a Statistics -> Compare feature that should do the job, at
least
on the basic level.
However it does not seem to work at all.
I merged two trace files together, set time variance to 2 seconds and
entered a display filter: "ip.addr==192.168.0.62".
After pressing the "Create stat" button I got: "Filter
"000000,ip.addr==192.168.0.62" is invalid - Syntax error.".
Is there any special way that should be followed to make such
comparison?