This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Throughput calculation

0

Assuming I want to calculate throughputs (using commands) by applying different display filters on same file, I have to calculate capture time from "capinfos -u" and bytes from "tshark -z io,stat,time,filter"

Is there any better way that I can get througput directly? I want to specify display filters in single command and get the throughut directly in a single command.

asked 24 Jun '13, 07:51

Rajat's gravatar image

Rajat
1444
accept rate: 0%

2 Answers:

2

How about something like 'tshark -r ~/Wireshark/pcap/http.cap -qz io,stat,0,tcp.port==50261,tcp.port==50262,tcp.port==50263' ?

It gives the following output:

$ tshark -r ~/Wireshark/pcap/http.cap -qz io,stat,0,tcp.port==50261,tcp.port==50262,tcp.port==50263





4: tcp.port==50263











Interval




————————————————————————————




0.0 <> 50.0






======================================================================================
| IO Statistics                                                                      |
|                                                                                    |
| Interval size: 50.0 secs (dur)                                                     |
| Col 1: Frames and bytes                                                            |
|     2: tcp.port==50261                                                             |
|     3: tcp.port==50262                                                             |


$

Now you can use the capture time and the

answered 24 Jun ‘13, 08:23

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Which version of Wireshark is this? The one I have is a dissector where tshark -z io,stat,0,filter does not specify total capture time.

(24 Jun ‘13, 08:28) Rajat

The latest official release 1.10, which version are you running?

(24 Jun ‘13, 09:27) SYN-bit ♦♦

Sake, what is the relavance of 0 in your t-shark cli?

Thanks

(24 Jun ‘13, 09:52) krishnayeddula

It is representing the interval over which the statistics are calculated. 0 means “the whole file”.

(24 Jun ‘13, 10:21) SYN-bit ♦♦

1

How about this:

tshark -nr input.cap -z conv,tcp -q

Then take the Bytes value and divide it by the number of seconds (Duration).

To get only one certain streams, either filter them (option: -R tcp.port eq xxxx) or search for those connections in the output of tshark.

TCP Conversations
Filter:<no filter="">
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
10.95.119.188:59122  <-> 10.116.11.24:5300          0         0   10507    821508   10507    821508  1407,479330000      1562,6490
10.116.11.24:5300    <-> 10.95.119.188:2424        25      3973       0         0      25      3973     0,000000000      2970,1373

Regards
Kurt

answered 24 Jun '13, 10:38

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 24 Jun '13, 10:39