'[Wireshark-users] tshark -z conv, type no sorting according to the total number of bytes'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    [Wireshark-users] tshark -z conv, type no sorting according to the total number of bytes
From:       Markus Amend <markusa () ast ! dfs ! de>
Date:       2012-02-02 7:39:08
Message-ID: 4F2A3D9C.70005 () ast ! dfs ! de
[Download RAW message or body]

Hello,

in manual to tshark "-z conv,type" function stands:

"The table is presented with one line for each conversation and displays 
the number of packets/bytes in each direction as well as the total 
number of packets/bytes. The table is sorted according to the total 
number of bytes."

Tested with "tshark -r pcap_file -z conv, ip", "tshark -r pcap_file -z 
conv, udp", "tshark -r pcap_file -z conv, tcp", there is no sorting to 
the total number of bytes, but to the toal number of frames.

Look at:

                                                                           | <-      \
| |       ->      | |     Total     |  | Frames  Bytes | | 
Frames  Bytes | | Frames  Bytes |
xxx:nfs <-> ggg:933               1343   1176990    1666   1157928    
3009   2334918
yyy:51290 <-> ccc:http-alt     1104   1004903    1104     72864    
2208   1077767
hhh:nfs <-> mmm:919            687     49210    1334   1997824    2021   
2047034

This is verified with tshark v1.0.5 and v1.6.5.

Greetings
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic