Salta la navigazione

tshark -r enxt_drops.pcap -qz io,stat,0,"COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission","COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.lost_segment)tcp.analysis.lost_segment","COUNT(tcp.analysis.fast_retransmission)tcp.analysis.fast_retransmission"

-z io,stat,interval[,filter][,filter][,filter]...
Collect packet/bytes statistics for the capture in intervals of interval seconds. Interval can be specified either as a whole or fractional second and can be specified with ms
resolution. If interval is 0, the statistics will be calculated over all packets.
NOTE: One important thing to note here is that the field that the calculation is based on MUST also be part of the filter string or else the calculation will fail.

So: -z io,stat,0.010,AVG(smb.time) does not work. Use -z io,stat,0.010,AVG(smb.time)smb.time instead. Also be aware that a field can exist multiple times inside the same
packet and will then be counted multiple times in those packets.

-q When capturing packets, don't display the continuous count of packets captured that is normally shown when saving a capture to a file; instead, just display, at the end of the
capture, a count of packets captured. On systems that support the SIGINFO signal, such as various BSDs, you can cause the current count to be displayed by typing your "status"
character (typically control-T, although it might be set to "disabled" by default on at least some BSDs, so you'd have to explicitly set it to use it).

When reading a capture file, or when capturing and not saving to a file, don't print packet information; this is useful if you're using a -z option to calculate statistics and
don't want the packet information printed, just the statistics.


One Comment

  1. Pretty great post. I just stumbled upon your weblog and wanted to say that I’ve really enjoyed surfing around your weblog posts. In any case I’ll
    be subscribing for your feed and I’m hoping you write once more soon!


Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:


Stai commentando usando il tuo account Chiudi sessione /  Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )


Connessione a %s...

%d blogger hanno fatto clic su Mi Piace per questo: