I tried to get protocol statistics from a pcap file using Wireshark with "Statistics -> Protocol Hierarchy" and using tshark with "-r test.pcap -qz io,phs > stat.txt". For a number of pcap files I got (slightly) different results. What does it mean? Maybe I am doing something wrong? I like what Wireshark produces, but I need to use tshark, and tshark's results grieve me. Below I have uploaded two examples of Wireshark and tshark protocol hierarchy results. At least here we see the difference in the BitTorrent section. (Right click -> View Image, to zoom)
Second example. Two protocol trees instead of one.
I can, if needed, upload other examples of differing results of another nature. I need to parse tshark's protocol hierarchy results in txt format and present them in another view. I use the latest version of Wireshark and tshark, 2.0.4, and I tried to use the last stable version, 1.12.12, with the same results. Thanks in advance. P.S. Sorry for my bad English, it's not my native language.

asked 28 Jul '16, 02:16 guitarkiller86, edited 28 Jul '16, 02:20