I can produce conversation and traffic information with "tshark -r filename.pcap -q -z conv,tcp -n" and I can look for TCP problem indicators with filters like tcp.analysis.retransmission or tcp.analysis.fast_retransmission or tcp.analysis.zero_window. I would like to be able to produce a conversation list with traffic and the number of instances a problem indicator occurred but I do not know if this is possible.
It would be great to be able to get a text file that can be parsed automatically so I can be alerted to this type of information. In a perfect world, I would also have RTT type information on a per session basis as well.
asked 25 Apr '14, 10:06
You can do this:
Then use the streams created with the first command (you'll have to eliminate duplicates for this step) and build a filter for the second command (can be done with a script).
If -Y does not work, try -R instead.
Now, you have two outputs.
First: The amount of errors per stream (stream number)
You can "merge" the two with a script and create whatever output/result you may need.
answered 26 Apr '14, 12:44
Kurt Knochner ♦
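One way to do the "merge" step described in the answer above, as an added example that is not part of the original answer. It assumes the first output is one tcp.stream index per flagged packet and the second is a comma-separated -T fields export; the field list, the sample lines and all function names are assumptions made for this sketch.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample of output 1: one tcp.stream index per flagged packet, e.g. from
#   tshark -r filename.pcap -Y "tcp.analysis.retransmission || tcp.analysis.fast_retransmission
#     || tcp.analysis.zero_window" -T fields -e tcp.stream
PROBLEM_LINES = ["0", "0", "2", "0", "2"]

# Constructed sample of output 2: one row per TCP packet, from (assumed field list)
#   tshark -r filename.pcap -Y tcp -T fields -E separator=, -e tcp.stream -e ip.src
#     -e tcp.srcport -e ip.dst -e tcp.dstport -e frame.len -e tcp.analysis.ack_rtt
PACKET_LINES = [
    "0,10.0.0.5,51000,10.0.0.9,443,74,",
    "0,10.0.0.9,443,10.0.0.5,51000,74,0.020",
    "0,10.0.0.5,51000,10.0.0.9,443,1514,0.040",
    "1,10.0.0.5,51001,10.0.0.7,80,66,",
    "1,10.0.0.7,80,10.0.0.5,51001,66,0.010",
    "2,10.0.0.6,40000,10.0.0.9,22,200,0.300",
]

def count_problems(lines):
    """Count flagged packets per stream; deduplicate only when building a stream filter."""
    return Counter(int(l) for l in lines if l.strip())

def summarize(lines):
    """Aggregate packets, bytes and ack RTT samples per tcp.stream."""
    streams = defaultdict(lambda: {"conv": None, "packets": 0, "bytes": 0, "rtts": []})
    for sid, src, sport, dst, dport, length, rtt in csv.reader(lines):
        s = streams[int(sid)]
        s["conv"] = s["conv"] or f"{src}:{sport} <-> {dst}:{dport}"  # first packet names it
        s["packets"] += 1
        s["bytes"] += int(length)
        if rtt:  # the field is empty on packets that carry no RTT sample
            s["rtts"].append(float(rtt))
    return streams

def merge(problem_lines, packet_lines):
    """One row per stream: (stream, conversation, packets, bytes, problems, avg RTT ms)."""
    problems = count_problems(problem_lines)
    rows = []
    for sid, s in sorted(summarize(packet_lines).items()):
        avg = round(1000 * sum(s["rtts"]) / len(s["rtts"]), 1) if s["rtts"] else None
        rows.append((sid, s["conv"], s["packets"], s["bytes"], problems.get(sid, 0), avg))
    return rows

if __name__ == "__main__":
    for row in merge(PROBLEM_LINES, PACKET_LINES):
        print("\t".join(str(v) for v in row))
```

The tab-separated rows are easy to feed into an alerting script, for example by flagging any stream whose problem count or average RTT crosses a threshold you choose.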