Wireshark mailing list archives
Re: R: Re: add timestamp to fieldlist in wireshark
From: "Ryan Zuidema" <ryan.zuidema () knchlaw com>
Date: Fri, 27 Nov 2009 15:53:23 +0000
Output the file in pdml format. Then open it in a good text editor. It will break up the packet and show the corresponding fields. There's probably a better way, but this got me what I needed.

-Ryan

-----Original Message-----
From: "haneugen () yahoo de" <haneugen () yahoo de>
Date: Fri, 27 Nov 2009 16:33:13
To: <wireshark-users () wireshark org>
Subject: [Wireshark-users] R: Re: add timestamp to fieldlist in wireshark

I've found that switch already, but if you use tshark in a form like

tshark -r file -T fields -t e -e fieldname

you have to add all the needed fields to the list through -e fieldname, but I have not found a field which would either give me the timestamp by default or is affected by the -t e option. Thus my problem is which field I have to add for the timestamp. Beyond that, having a list of all available fields would be helpful as well; so far I only know of http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf as the most detailed one. Does anyone have a further idea?

-----Original Message-----
Did you try tshark -t e

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of haneugen () yahoo de
Sent: Thursday, November 26, 2009 10:56 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] add timestamp to fieldlist in wireshark

Hi,

I am using tshark to extract all the fields I need out of a capture and to further process them. But as you know, processing becomes much easier when working with numerical values instead of having to parse strings, thus I would like to add a field containing the unix timestamp (relative_time is unfortunately not sufficient) to the tshark field list. Does anybody have an idea how to do that, e.g. which field to add?

Thanks in advance.
Cheers
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
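The PDML route suggested in the reply above, carried through in Python as an added example that is not part of the original thread: it reads PDML such as `tshark -r file -T pdml` produces and returns each packet's capture time as a numeric epoch value next to the requested fields. It assumes the PDML layout in which the `geninfo` section's `timestamp` field carries the epoch seconds in its `value` attribute; `SAMPLE_PDML`, `pdml_rows` and `extract` are names made up for this sketch, and the sample packets are constructed.

```python
import io
import xml.etree.ElementTree as ET
from decimal import Decimal

# Constructed sample shaped like `tshark -r file -T pdml` output (layout assumed).
SAMPLE_PDML = """<?xml version="1.0"?>
<pdml version="0" creator="constructed-sample">
<packet>
  <proto name="geninfo">
    <field name="num" show="1" value="1"/>
    <field name="timestamp" show="Nov 27, 2009 15:53:23.250000000" value="1259337203.250000000"/>
  </proto>
  <proto name="ip">
    <field name="ip.src" show="192.0.2.10" value="c000020a"/>
    <field name="ip.dst" show="198.51.100.7" value="c6336407"/>
  </proto>
</packet>
<packet>
  <proto name="geninfo">
    <field name="num" show="2" value="2"/>
    <field name="timestamp" show="Nov 27, 2009 15:53:24.500000000" value="1259337204.500000000"/>
  </proto>
  <proto name="arp">
    <field name="arp.opcode" show="1" value="0001"/>
  </proto>
</packet>
</pdml>
"""

def pdml_rows(stream, wanted):
    """Yield (epoch, {field: shown value}) for each <packet>, streaming the XML."""
    for _event, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag != "packet":
            continue
        ts = elem.find("proto[@name='geninfo']/field[@name='timestamp']")
        # Decimal keeps the nanosecond digits that a float would round away.
        epoch = Decimal(ts.get("value")) if ts is not None else None
        # Reversed so the first (outermost) occurrence of a repeated field wins.
        shown = {f.get("name"): f.get("show") for f in reversed(list(elem.iter("field")))}
        yield epoch, {name: shown.get(name) for name in wanted}
        elem.clear()  # release the packet subtree so large captures stay cheap

def extract(pdml_text, wanted):
    return list(pdml_rows(io.BytesIO(pdml_text.encode("utf-8")), wanted))

if __name__ == "__main__":
    for epoch, fields in extract(SAMPLE_PDML, ["ip.src", "ip.dst"]):
        print(epoch, fields["ip.src"] or "-", fields["ip.dst"] or "-", sep="\t")
```

Fields a packet does not contain come back as `None`, so non-IP frames still produce a row with a timestamp.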
Current thread:
- R: Re: add timestamp to fieldlist in wireshark haneugen () yahoo de (Nov 27)
- Re: R: Re: add timestamp to fieldlist in wireshark Ryan Zuidema (Nov 27)
- Re: R: Re: add timestamp to fieldlist in wireshark Sake Blok (Nov 28)