Wireshark mailing list archives

Re: Problems with tshark displayfilters


From: "Sake Blok" <sake () euronet nl>
Date: Tue, 8 Dec 2009 18:04:33 +0100

The display filter used by Sebastian is to limit the statistics. The problem is the regional setting, which is probably set to a region in which the "," is the decimal separator. If you set the decimal separator to "." (dot), the command will work...

There is already a bug for this on bugzilla too...

Cheers,


Sake

  ----- Original Message ----- 
  From: sean bzd 
  To: Community support list for Wireshark 
  Sent: Tuesday, December 08, 2009 5:28 PM
  Subject: Re: [Wireshark-users] Problems with tshark displayfilters


  Isn't the display filter set using the -R option? I don't see that in your command.


  On Tue, Dec 8, 2009 at 8:57 AM, Sebastian Dahlbruch <Paule_De () gmx de> wrote:

    Hello !
    So I want to use tshark (v 1.2.4) to get information out of the captures to a txt file, afterwards I want to convert the txt to a csv and create statistics out of it.
    But when using tshark it seems to ignore all display filters I'm using.
    Here is an example I've found:
    "tshark.exe -q -z "io,stat,600, ,tcp.port == 80" -r DividedFile_1.pcap >> stats.txt"
    This should lead to a txt file containing:
    ===================================================================
    IO Statistics
    Interval: 600.000 secs
    Column #0:
    Column #1: tcp.port == 80
                      | Column #0    | Column #1
    Time            |frames| bytes |frames| bytes
    000.000-600.000 281214 128192886 51408 28494414
    ===================================================================
    (I hope this is properly formatted now)
    But in my case I only get the first column.

    So I tried it with just one filter:
    "tshark.exe -q -z "io,stat,600,tcp.port == 80" -r DividedFile_1.pcap >> stats.txt"
    ===================================================================
    IO Statistics
    Interval: 600.000 secs
    Column #0:
                     | Column #0
    Time           |frames| bytes
    000.000-600.000 281214 128192886
    ===================================================================
    Same result with no filter option set, or like before with both filters on.
    The same happens when using different filters like ip.addr (even if it's not on the same subnet) or different ports.
    Does anyone here have an answer explaining this behaviour or maybe a completely different solution?
    Because I seem to be the only one having this problem I guess I'm doing something wrong here.

    Thanks in advance!
    Greetings
    Sebastian
    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                mailto:wireshark-users-request () wireshark org?subject=unsubscribe






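A way to catch the symptom reported in this thread before building statistics, as an added example that is not part of the original messages: it parses the `io,stat` layout quoted above, reports requested filters that produced no column, and flattens the rows to CSV. The function names are hypothetical, and the parser assumes the tshark 1.2.4 output layout shown in the thread.

```python
import csv, io, re
# Sample outputs copied from the thread (tshark 1.2.4 layout).
EXPECTED = """\
IO Statistics
Interval: 600.000 secs
Column #0:
Column #1: tcp.port == 80
                  | Column #0    | Column #1
Time            |frames| bytes |frames| bytes
000.000-600.000 281214 128192886 51408 28494414
"""
OBSERVED = """\
IO Statistics
Interval: 600.000 secs
Column #0:
                 | Column #0
Time           |frames| bytes
000.000-600.000 281214 128192886
"""
COLUMN_RE = re.compile(r"^Column #(\d+):\s*(.*)$")
ROW_RE = re.compile(r"^(\d+\.\d+)-(\d+\.\d+)\s+([\d\s]+)$")

def parse_io_stat(text):
    """Return (filters, rows); each row is (start, end, [(frames, bytes), ...])."""
    filters, rows = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        col, row = COLUMN_RE.match(line), ROW_RE.match(line)
        if col:
            filters.append(col.group(2).strip())
        elif row:
            nums = [int(n) for n in row.group(3).split()]
            if len(nums) != 2 * len(filters):
                raise ValueError(f"counter count does not match columns: {line!r}")
            rows.append((float(row.group(1)), float(row.group(2)),
                         list(zip(nums[0::2], nums[1::2]))))
    return filters, rows

def missing_filters(requested, filters):
    """Requested non-empty filters that got no column (the symptom reported here)."""
    return [f for f in requested if f.strip() and f.strip() not in filters]

def to_csv(filters, rows):
    """Flatten parsed rows to CSV; the unfiltered column is labelled 'all'."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["start", "end"] + [f"{f or 'all'} {k}" for f in filters for k in ("frames", "bytes")])
    for start, end, pairs in rows:
        writer.writerow([start, end] + [n for pair in pairs for n in pair])
    return out.getvalue()
```

Running `missing_filters` on every statistics file before conversion flags captures processed under a comma-decimal regional setting, where the filter column is silently absent.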