Re: R: Re: add timestamp to fieldlist in wireshark

["haneugen () yahoo de" <haneugen () yahoo de>]

Thanks a lot for the insight. In that case Iguess the best way will be to use frame.time_relative and afterwards adding 
to all these values the Unix timesamp for the first package, which gives in return the desired time for every packet.

--------- Original Message --------- 

On Fri, Nov 27, 2009 at 04:33:13PM +0100, haneugen () yahoo de wrote:
> I've found that switch already, but if you use tshark in the form like
> tshark -r file -T fields -t e -e fieldname
> you have to add all the needed fields in the list through -e fieldname,
> but I have not found a field which would me either give the timestamp 
> by default or is effected by the -t e option. Thus my problem is which 
> field do I have to add to the timestamp. 
Currently there is no field that can be used with -T fields that follows
the timestamp format given by -t, so you're kinda stuck here. You might
want to add a feature request to https://bugs.wireshark.org for that, as
I think it could be a very useful addition...
> Beyond having a list of all available fields as well would be helpful, 
> so far I only know of 
> http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf 
> as the most detailed one. Anyone a further idea?
http://www.wireshark.org/docs/dfref/
Cheers,
 
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe