jacob c wrote:

> I appreciate the info. I have actually taken several captures now on
> individual vlans and have located the top talkers. I also tried the
> tshark command you mentioned below without success. I get the "ericsson
> error" as shown below. Here is what happens:

> C:\Program Files\Wireshark>

Oops, cmd.exe, not a UN*X shell, so Sake's command won't work exactly. If you have Cygwin installed, you could try it from Cygwin.

> tshark -r c:\captures\0_0-10mins -T fields -e
> ip.src
> "tcp.flags.syn==1 &&
> Could not open file: 'Ericsson.xml', error: No such file or directory
> tshark: Unexpected end of filter string.

The "ericsson error" isn't the real problem. The real problem is the "Unexpected end of filter string"; that command isn't complete.

The complete tshark command would be

    tshark -r c:\captures\0_0-10mins -T fields -e ip.src "tcp.flags.syn==1 && tcp.flags.ack==0"

on *one* command line (I don't know whether cmd.exe supports commands split across multiple command lines the way UN*X shells do).

However, the rest of his command, namely the

    | sort | uniq -c | sort -rn | head

part, is a bit trickier; cmd.exe *does* support pipes (and I suspect it supports them using Win32 pipes, rather than the old "run the commands one at a time, save the output of command N to a file, and use that file as input to command N+1" hack that the MS-DOS command prompt did, due to DOS being a single-tasking system), but Windows doesn't come with those other commands. As noted, Cygwin would include those commands.
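
A portable stand-in for the tshark | sort | uniq -c | sort -rn | head pipeline discussed in this message, for systems without those UN*X tools; this is an added example, not part of the original post. The function names and the sample addresses are constructed for illustration, and Python 3.7 or later with tshark on the PATH is assumed.

```python
import subprocess
import sys
from collections import Counter

# Display filter from the message above: SYN set, ACK clear (connection attempts).
SYN_FILTER = "tcp.flags.syn==1 && tcp.flags.ack==0"


def tshark_argv(capture_path, tshark="tshark"):
    """Build the argument list. The filter is passed as one argument, so no
    shell (cmd.exe or otherwise) is involved in quoting or splitting it."""
    return [tshark, "-r", capture_path, "-T", "fields", "-e", "ip.src", SYN_FILTER]


def top_sources(lines, limit=10):
    """Equivalent of `sort | uniq -c | sort -rn | head` over tshark's output.

    Blank lines (packets with no ip.src field, e.g. IPv6) are skipped.
    Returns [(count, address), ...], highest count first; ties are ordered
    by address string so the result is deterministic.
    """
    counts = Counter(line.strip() for line in lines if line.strip())
    ranked = sorted(counts.items(), key=lambda item: (-item[1], item[0]))
    return [(count, addr) for addr, count in ranked[:limit]]


def top_syn_sources(capture_path, limit=10):
    """Run tshark on a capture file and rank the sources of SYN packets."""
    result = subprocess.run(tshark_argv(capture_path), capture_output=True,
                            text=True, check=True)
    return top_sources(result.stdout.splitlines(), limit)


# Constructed sample of tshark field output (documentation addresses).
SAMPLE_OUTPUT = """192.0.2.10
198.51.100.7
192.0.2.10

192.0.2.10
198.51.100.7
203.0.113.5
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = top_syn_sources(sys.argv[1])
    else:
        rows = top_sources(SAMPLE_OUTPUT.splitlines())
    for count, addr in rows:
        print(f"{count:7d} {addr}")
```

Run with a capture file path as the only argument to analyse a real capture; with no argument it ranks the constructed sample.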