This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark meassuring bandwidth per IP

0

I found this --> link text

and I would like to use tshark for spitting bandwidth/IP on the command line. Is this possible?

asked 02 Mar '16, 03:13

altdrugzgene's gravatar image

altdrugzgene
11448
accept rate: 0%


One Answer:

0

Maybe you should also look at the answer to this question. It says that it is currently not possible to sort the output list of e.g. tshark -q -z "conv,tcp" by number of bytes per conversation directly with tshark, but otherwise these command line parameters of tshark provide you with the list of conversations of the indicated type, stating the common duration and both packet counts and byte counts per direction, so a simple post-process of that table can give you the bandwidths per direction calculated as bytes/duration. Just check whether the number of bytes represents whole frames or only the tcp part of them.

answered 02 Mar '16, 03:42

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Thanks sindy. I am doing 2 separate analyses at the moment one using the output from the TCP flows and one counting the bandwidth per intervals. However I cant find a way to correlate these two which is sad :P Anyways thanks

(02 Mar '16, 04:23) altdrugzgene

I'm not sure I've understood what you mean by "counting the bandwidth per intervals", but you can use a so-called "read" filter like -2 -R frame.time_relative >= t1 and frame.time_relative < t2 to get the statistics only for a time slice t1..t2 of the capture file. You can not use -Y for the purpose as it does not affect the statistics calculation. Currently, -R can only be used together with -2, so the -2 is there only as a "-R enabler", you do not need two-pass handling to calculate statistics.

(02 Mar '16, 04:36) sindy