This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

measure the total transmitted byte in a time interval

1

I want to measure the total transmitted byte in a time interval from my captured traffic. e.g from time 46.3901 to time 46.4329 how many byte was transmitted.

Or if i see the IO Graphic. I want to measure the burst in byte from 187,3s to 188,7s.

How can i measure this?

Thank you for your help.

Foto IO Graphic

asked 28 Mar '12, 03:07

hanamichi's gravatar image

hanamichi
16113
accept rate: 0%


2 Answers:

3

use a display-filter such as (frame.time>="Mar 28, 2012 15:58:18.730" && frame.time<"Mar 28, 2012 15:58:18.770")

and then goto statistics >summary> and you will get what your looking for...

answered 28 Mar '12, 03:30

sangmeshp's gravatar image

sangmeshp
367811
accept rate: 0%

2

Go to the preferences, edit your column settings and add a colum with the field type of "Cummulative Bytes". Go back to your packet list, select the packet you want to start at, and use the popup menu to set a time reference. That way the cummulative byte counter will start at that packet. Then move to the last packet and simply read the amount of bytes from the cummulative byte column.

Hint: if you want to determine the cummulative bytes of a single connection you should filter on it first, because otherwise packet/bytes from other connections will increase that number, too.

answered 28 Mar '12, 03:13

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

thanks for your quick answer.

@Jasper: I want to analysis the traffic from website youtube. How can I filter here only packet/bytes from a website youtube?

[converted to a comment]

(28 Mar '12, 05:53) hanamichi
1

Usually you'll have to find out which IPs at youtube you're talking to, for example by using nslookup to find the IPs, and then filter on them with ip.addr==a.b.c.d or ip.address=e.f.g.h....

Or you could filter on GET requests that contain youtube with a filter like this: http.request.full_uri contains "youtube" and then use the packets that you see to filter on the single tcp communications.

By the way, if you like one of the answers please accept it (round checkmark button next to it)

(28 Mar '12, 06:00) Jasper ♦♦

@Jasper: I have now a I/O Graph with many buste. Is es possible to measure or filter the time interval between these burst?

alt text

(29 Mar '12, 04:33) hanamichi

Well, you can click into the graph just where a peak starts, which will jump to the according approximate packet in the packet list. Mark it, and then click on the I/O graph again to jump to the end of a peak. Mark that packet, too, and then you could start looking at the packet between the two markers.

(29 Mar '12, 13:56) Jasper ♦♦