This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to calculate total sum of ip.len field for wireshark trace

0

Hello, I would like to calculate sum af all ip.len values in packets. There is option cumulative but it works only for frame.len value. Thanks

asked 10 Mar '11, 03:25

lavpivolav's gravatar image

lavpivolav
1222
accept rate: 0%

retagged 10 Mar '11, 08:42

packethunter's gravatar image

packethunter
2.1k71548

One Answer:

2

You can use TShark.
In this example the interval is 30 seconds.

$ tshark -r test.pcap -q -z io,stat,30,COUNT"(tcp.len)tcp.len",MIN"(tcp.len)tcp.len",MAX"(tcp.len)tcp.len",AVG"(tcp.len)tcp.len" > tcp.len.txt

Output:
IO Statistics
Interval: 30.000 secs
Column #0: COUNT(tcp.len)tcp.len
Column #1: MIN(tcp.len)tcp.len
Column #2: MAX(tcp.len)tcp.len
Column #3: AVG(tcp.len)tcp.len

                |   Column #0    |   Column #1    |   Column #2    |   Column #3  

Time            |          COUNT |            MIN |            MAX |            AVG
000.000-030.000               802                0            29193              354
030.000-060.000              1231                0            36500              397
060.000-090.000              1478                0            37478              342
090.000-120.000               418                0             2372              232

answered 10 Mar ‘11, 05:44

joke's gravatar image

joke
1.3k4934
accept rate: 9%

Hello, Thanks on answer, it helped Best Regards

(10 Mar ‘11, 09:21) lavpivolav