Wireshark mailing list archives
Regarding tcp.stream filtering.
From: Rikard Svenningsen <wireshark () svenningsen dk>
Date: Fri, 11 Dec 2009 12:36:35 +0100
Hi everyone,

I have made a bash script counting from 1 to whatever is needed. It runs a filter as tcp.stream == $count and does what you can see...

1. tshark -r capture.cap -R "tcp.stream == $count" > capture$count.stream
2. tshark -r capture.cap -R "tcp.stream == $count" -w capture$count.cap
3. tshark -r capture.cap -q -z io,stat,120 > capture$count.csv

In the first file I take the first packet and the last packet and calculate the difference, as in when the stream started and ended. In the next and third file I count the number of packets and number of bytes.

Doing that I found out that there might be some gaps between streams, as in 1, 2, 3, 5, 7, 8, 9, 10. How is that? I thought Wireshark / tshark counted the streams and numbered them in a series.

--
Kind regards
Rikard Svenningsen
Smalager 36
DK-7120
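The per-stream bookkeeping described in the message above (first and last packet time, packet count, byte count), done in one pass over tshark field output, as an added example that is not part of the original post. The function names and the sample rows are constructed for illustration; the input is assumed to be tshark's -T fields output with the three fields named in the comment.

```bash
# Added example, not from the original post. Both functions read tab-separated
# rows on stdin: tcp.stream, frame.time_epoch, frame.len, for instance from
#   tshark -r capture.cap -T fields -e tcp.stream -e frame.time_epoch -e frame.len
# (capture.cap is the file name used in the post.)

# CSV per stream: index,first_seen,last_seen,duration_s,packets,bytes
stream_summary() {
  awk -F'\t' '
    $1 == "" { next }                 # frames without a tcp.stream value
    {
      s = $1 + 0; t = $2 + 0
      if (!(s in pkts) || t < first[s]) first[s] = t
      if (!(s in pkts) || t > last[s])  last[s] = t
      pkts[s]++; bytes[s] += $3
      if (s > max) max = s
      seen = 1
    }
    END {
      if (!seen) exit
      for (s = 0; s <= max; s++)
        if (s in pkts)
          printf "%d,%.6f,%.6f,%.6f,%d,%d\n", s, first[s], last[s],
                 last[s] - first[s], pkts[s], bytes[s]
    }'
}

# Stream indexes between 0 and the highest one seen that have no rows at all.
missing_streams() {
  awk -F'\t' '
    $1 != "" { s = $1 + 0; have[s] = 1; if (s > max) max = s; seen = 1 }
    END { if (seen) for (s = 0; s <= max; s++) if (!(s in have)) print s }'
}

# Constructed sample rows (not taken from a real capture); one row has an
# empty stream field and index 2 never appears.
sample_rows() {
  printf '%s\t%s\t%s\n' \
    0 1260531395.000000 74 \
    0 1260531395.250000 66 \
    1 1260531395.500000 74 \
    '' 1260531396.000000 60 \
    3 1260531397.000000 74 \
    1 1260531398.000000 1514 \
    3 1260531399.500000 54
}

sample_rows | stream_summary
sample_rows | missing_streams
```

Because every index is collected from the same pass, a number that missing_streams reports has no packets in that output, which separates a numbering gap from an off-by-one in the counting loop.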