COUNT(tcp.dstport) basically just counts the number of times it has seen the
field tcp.dstport,
since thcp.dstport occurs exactly once in each tcp packet this is the same
as counting the number of tcp packet.
Note that other fields can occur more than once in a packet and COUNT will
count all occurences.
Try: COUNT(tcp.analysis.retransmission) which will count and plot all
retransmitted segments, or
COUNT(tcp.analysis.duplicate_ack) which will count the number of duplicate
acks and plot them over time.
SUM(field) will find all the occurences of the field 'field' and will add
their values up together and plot the sum of all these
values.
Note that some of these fields can occur multiple times inside one packet.
Try:SUM(tcp.len) which will find all fields of type tcp.len (length of the
tcp payload data) and sum them together, then it will plot
this sumemd value. Can be used as in this example to plot how many payload
bytes are transferred across TCP.
----- Original Message -----
From: keith.french
Sent: Tuesday, April 06, 2004 12:38 AM
Subject: [Ethereal-users] IO Graphs - SUM & Count
In Ethereal Ver 0.10.3 if you display the IO Graph and use the Advanced
option on the Y axis, the manual doesn't seem to explain what the SUM &
COUNT options are trying to do. As an example if you set the filter on the
graph to:-
(ip.src == 128.101.80.131) && (tcp.dstport == 33543)
and the COUNT to:-
tcp.dstport
I assume the graph just plots the number of TCP packets whose destination
port is set to 33543 from IP address 128.101.80.131 against time?
If you now change the same graph from COUNT to SUM with the filter & fields
the same as before, what is this plotting?
Keith French
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users