Discussion:
I/O Graph Bug??
Burns, Kevin
2014-05-23 19:51:21 UTC
Permalink
I am running into a strange issue with the I/O graph in Wireshark Version 1.10.7.

It seems to be graphing the tcp.window_size with the value of the tcp.window_size_value. Below I compared the window size graph in Opnet to show how the I/O graph is incorrect. tcp.window_size is supposed to be the calculated value of the scaled TCP window but the actual value in the packet field.

Has anyone else ran into this ?

[cid:image001.png-***@public.gmane.org]
Lee
2014-05-25 16:27:40 UTC
Permalink
Post by Burns, Kevin
I am running into a strange issue with the I/O graph in Wireshark Version 1.10.7.
It seems to be graphing the tcp.window_size with the value of the
tcp.window_size_value. Below I compared the window size graph in Opnet to
show how the I/O graph is incorrect. tcp.window_size is supposed to be the
calculated value of the scaled TCP window but the actual value in the packet
field.
Has anyone else ran into this ?
Yes. I've seen it when the capture does NOT have the initial syn
syn/ack & so wireshark doesn't know the window scale factor.

Lee
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Sake Blok
2014-05-25 18:16:49 UTC
Permalink
You are using bytes/tick on the Y-axis, which means, the displayed value is the sum of the length of all packets in each tick interval. Since every TCP packet will match both filters, the length of all tcp packets is plotted.

What you would want to do is use the "Advanced" Y-axis unit. It will give you the option to sum(), avg(), min(), max() the value of a certain field (in your case tcp.window_size) over the tick interval. I would suggest to use tcp.window_size both as the filter and as the field to calculate and then use avg() as the operator.

Cheers,
Sake
Post by Burns, Kevin
I am running into a strange issue with the I/O graph in Wireshark Version 1.10.7.
It seems to be graphing the tcp.window_size with the value of the tcp.window_size_value. Below I compared the window size graph in Opnet to show how the I/O graph is incorrect. tcp.window_size is supposed to be the calculated value of the scaled TCP window but the actual value in the packet field.
Has anyone else ran into this ?
<image001.png>
___________________________________________________________________________
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
Continue reading on narkive:
Loading...