I'm using a command such as the following to:
With the aim of determining how much traffic is going out from "myhost.co.uk". However, when I look at the resulting stats file it doesn't add up. The first few rows make sense but then I get the same figure repeated in column 2 (118799631). If I understand correctly, the first column is unfiltered and should show me the total IO (both in and outbound). Therefore my second filtered column you would not expect to see values that are greater than the first column. | Interval | Frames | Bytes | Frames | Bytes | |---------------------------------------------------------| ... | 44940 <> 45000 | 69 | 9922 | 36 | 4470 | ... | 121140 <> 121200 | 4 | 336 | 0 | 118799631 | | 121200 <> 121260 | 1 | 243 | 0 | 118799631 | | 121260 <> 121320 | 0 | 0 | 0 | 118799631 | | 121320 <> 121380 | 0 | 0 | 0 | 118799631 | | 121380 <> 121440 | 0 | 0 | 0 | 118799631 | | 121440 <> 121500 | 0 | 0 | 0 | 118799631 | ... Have I missed something here? I'd like to end up with a command I can used to see how much traffic is going in and out from my host, similar to:
asked 06 Feb '13, 02:18  billbofagends |
One Answer:
This is a bug in tshark-1.8.x (i know because I filed it!) You can learn more here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8066 Dropping back to 1.6 will solve the answered 06 Feb '13, 06:36  zachad |
A similar experiment works for me, can you share your capture file?