Ask Your Question
0

tshark converstaion (conv) not printing the Bits/s column but prints all columns from wireshark

asked 2024-05-14 07:36:52 +0000

Bhuvi gravatar image

updated 2024-05-14 13:05:02 +0000

Chuckc gravatar image

I am trying to get the Bits/s sec of a file using the conv command in tshark .
I am able to get all the columns data how we see in Wirreshark > Statistics > Conversations

"Address A","Port A","Address B","Port B","Packets","Bytes","Packets A → B","Bytes A → B","Packets B → A","Bytes B → A","Rel Start","Duration","Bits/s A → B","Bits/s B → A"

I am able to see all the values except "Bits/s A → B","Bits/s B → A"
How to get these Bits/s

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2024-05-14 13:27:43 +0000

Chuckc gravatar image

This is similar to tshark - extract conversations (ip,tcp,udp) / endpoints with GeoIP where the Wireshark gui and tshark tap results are different.

ui/qt/conversation_dialog.cpp uses ConversationDataModel::headerData which includes CONV_COLUMN_BPS_AB and CONV_COLUMN_BPS_BA.

The tap that TShark calls (ui/cli/tap-iousers.c) calls does not:

printf("%s                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |\n",
            display_ports ? "            " : "");
        printf("%s                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |\n",
            display_ports ? "            " : "");
        break;
edit flag offensive delete link more

Comments

Perhaps this calls for a way to select, both in TShark and in Wireshark, which columns to display for various taps.

Guy Harris gravatar imageGuy Harris ( 2024-05-17 22:26:17 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2024-05-14 07:36:52 +0000

Seen: 69 times

Last updated: May 14