How do count fields() and count frames() work in io graph?

i want to count the packet rate with ACK+SYN (filter:tcp.flags==0x012) like this: image description

but when i used count fields() and count frames(), io graph show nothing. image description

same file

See The “I/O Graphs” Window for an explanation of COUNT.
In the tshark man page it points out that it is existance of the field, not the field value:

COUNT(field)filter - Calculates the number of times that the field name (not its value) appears per interval in the filtered packet list. ''field'' can be any display filter name.

Try tcp.connection.synack as the Y field.

(There should probably be input validation there to only allow field names with COUNT and not a filter expression.)

Chuckc

answered 2021-04-04 05:18:09 +0000

edit flag offensive 0 remove flag delete link

Comments

thanks, i hope new version could hava this vaildation! thanks a lot！

dd (2021-04-04 09:07:35 +0000) edit

I missed it first time through - check the status bar of the screen shots:
There is no field named 'tcp.flags==0x012'.

That's probably a good middle ground - alerts to there being a problem but doesn't prevent it just in case.
Looks like it is BOLD text - not sure if changing the text color would be good or if it would get annoying.

Chuckc (2021-04-04 16:33:13 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

How do count fields() and count frames() work in io graph? edit

Comments

1 Answer

Comments