Sep 272014

While reviewing a wireshark video, I have seen this awesome technique to use shark to get very good statistics on whats going on the network in terms of errors.

Hence I’ve decided to report the command here since it could be very useful to do network monitoring.

The command should go all in one line…

tshark -r <filename>.pcap -q -z io,stat,1,"COUNT(tcp.analysis.retransmission)tcp.analysis.retransmission","COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack","COUNT(tcp.analysis.lost_segment)tcp.analysis.lost_segment","COUNT(tcp.analysis.fast_retransmission)tcp.analysis.fast_retransmission","COUNT(tcp.analysis.out_of_order)tcp.analysis.out_of_order”

The output should be something like this: