How do count fields() and count frames() work in io graph?

asked 2021-04-04 03:02:36 +0000

dd
1

i want to count the packet rate with ACK+SYN (filter:tcp.flags==0x012) like this: image description

but when i used count fields() and count frames(), io graph show nothing. image description

same file

answered 2021-04-04 05:18:09 +0000

Chuckc
3023 ●6 ●608 ●20

See The “I/O Graphs” Window for an explanation of COUNT.
In the tshark man page it points out that it is existance of the field, not the field value:

COUNT(field)filter - Calculates the number of times that the field name (not its value) appears per interval in the filtered packet list. ''field'' can be any display filter name.

Try tcp.connection.synack as the Y field.

(There should probably be input validation there to only allow field names with COUNT and not a filter expression.)

edit flag offensive delete link

Comments

thanks, i hope new version could hava this vaildation! thanks a lot！

dd ( 2021-04-04 09:07:35 +0000 )edit

I missed it first time through - check the status bar of the screen shots:
There is no field named 'tcp.flags==0x012'.

That's probably a good middle ground - alerts to there being a problem but doesn't prevent it just in case.
Looks like it is BOLD text - not sure if changing the text color would be good or if it would get annoying.

Chuckc ( 2021-04-04 16:33:13 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

How do count fields() and count frames() work in io graph?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How do count fields() and count frames() work in io graph? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How do count fields() and count frames() work in io graph?