Is there some way to extract I'd like to do something like this in an automated script to get the number of packets with an expert message of severity That just errs: Any suggestions would be very much appreciated! asked 20 Jan '12, 14:01  alienrobotninja edited 20 Jan '12, 15:10  helloworld |
One Answer:
Not up to date. answered 20 Jan '12, 20:09 alienrobotninja |
What version of Wireshark are you using? And what OS? Your command worked for me (no errors) in SVN 40615, Windows 7 and OSX Lion.
Even if that filter had worked, it would tell you the number of frames that had at least one warning of a given severity, rather than the actual number of expert items reported.
Current SVN tshark has "-z expert". "-z expert,error" would only show you the errors, whereas "-z expert,warn" would give you expert errors + warnings. Here is an example and the resulting output. See the total count for a given severity in the first line of output.
./tshark -z expert,warn -r ../captures/logfile_norlc.out_00000_20120120095148.split -q
Errors (10026)
Frequency Group Protocol Summary 1 Sequence DCT2000 >> ERR ALL: Not processing DL doorbell as already 20259 us old: (deadline is 8000) 1 Sequence DCT2000 >> ERR ALL: Took longer than 8000 usecs to process DL doorbell (20346) 1 Sequence DCT2000 >> ERR MAC: Unexpected UL-Grant buffer number; expected 0, got 1 8323 Sequence MAC-LTE UE 1: SR results in neither a grant nor a failure indication 1586 Malformed MAC-LTE DL Frame has CRC error problem (Duplicate_nonzero_rv) 1 Sequence DCT2000-CStats Duplicate seen (2) 73 Malformed MAC-LTE DL Frame has CRC error problem (Failed) 1 Sequence DCT2000-CStats CRC errors seen (7) 1 Sequence DCT2000-CStats Duplicate seen (155) 29 Malformed MAC-LTE DL Frame has CRC error problem (High Code Rate) 1 Sequence DCT2000-CStats CRC errors seen (20) 1 Sequence DCT2000-CStats CRC errors seen (2) 1 Sequence DCT2000-CStats Duplicate seen (404) 1 Sequence DCT2000-CStats CRC errors seen (17) 1 Sequence DCT2000-CStats CRC errors seen (4) 1 Sequence DCT2000-CStats Duplicate seen (446) 1 Sequence DCT2000-CStats CRC errors seen (19) 1 Sequence DCT2000-CStats CRC errors seen (16) 1 Sequence DCT2000-CStats Duplicate seen (440)
Warns (4)
Frequency Group Protocol Summary 1 Malformed MAC-LTE Should not see more than 2 padding subheaders in one frame 1 Sequence DCT2000-CStats Retx seen (131072) 1 Sequence DCT2000-CStats Retx seen (262144) 1 Sequence DCT2000-CStats Retx seen (1048576)
Thanks Gents. Looks like an update will do the trick.