Re: Timestamps for conversations

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi,

In fact I got similar request for VoIP calls dialog, and committed it
partially (rev 32099). I guess we should create a application wide time
format preference and implement this in the various displays. Not a trivial
task I assume.

Thanks,
Jaap

On Wed, 5 May 2010 08:56:20 +0200, Sake Blok <sake () euronet nl> wrote:
> On 5 mei 2010, at 08:35, Jan Meier wrote:
>
> > Is there any known way to get time and date displayed in the Statistics
> > -> "Conversations" -> tcp-table ? Or any other way to get the starts
(end
> > would be a bonus) of tcp conversations computed ?
> >
> > Of course one can calculate with the relative beginning shown in the
> > table and add that to the first packets timestamp in the capture file.
> >
> > I also tried a couple of other tools like tshark, ngrep etc - but a
> > conversations view of tcp connections with date/time (not relative)
> > timestamps doesnt seem to be a usual use case.
> >
> > Any help or advise is aprreciated.
>
> How about :
>
> tshark -r <file> -T fields -e frame.time -e tcp.stream -e ip.src -e
> tcp.srcport -e ip.dst -e tcp.dstport "tcp.flags.syn==1 &&
tcp.flags.ack==0"
> It does not give you the end as a bonus, for that you might want to
write
> a little shell/perl/... script
>
> Cheers,
> Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe