Sep 272014

While reviewing a wireshark video, I have seen this awesome technique to use shark to get very good statistics on whats going on the network in terms of errors.

Hence I’ve decided to report the command here since it could be very useful to do network monitoring.

The command should go all in one line…

tshark -r <filename>.pcap -q -z io,stat,1,"COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission","COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.lost_segment)tcp.analysis.lost_segment","COUNT(tcp.analysis.fast_retransmission)tcp.analysis.fast_retransmission","COUNT(tcp.analysis.out_of_order)tcp.analysis.out_of_order”

The output should be something like this:


 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>