Re: Timestamps for conversations

[Sake Blok <sake () euronet nl>]

On 5 mei 2010, at 08:35, Jan Meier wrote:

> Is there any known way to get time and date displayed in the Statistics -> "Conversations" -> tcp-table ? Or any 
> other way to get the starts (end would be a bonus) of tcp conversations computed ?
>
> Of course one can calculate with the relative beginning shown in the table and add that to the first packets 
> timestamp in the capture file.
>
> I also tried a couple of other tools like tshark, ngrep etc - but a conversations view of tcp connections with 
> date/time (not relative) timestamps doesnt seem to be a usual use case.
>
> Any help or advise is aprreciated.

How about :

tshark -r <file> -T fields -e frame.time -e tcp.stream -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport 
"tcp.flags.syn==1 && tcp.flags.ack==0"

It does not give you the end as a bonus, for that you might want to write a little shell/perl/... script

Cheers,
Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe