Wireshark mailing list archives
Re: tcp.time_delta column with tshark
From: "j.snelders" <j.snelders () telfort nl>
Date: Sat, 29 Jan 2011 16:52:11 +0100
Hi Paul (or Vincent;-))

On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:
> Hi All,
> 1) I try to use tshark to export a capture into csv file. I use -T fields -E separator=, -e tcp.time_delta....... I could see other column data but not tcp.time_delta. Any idea.

No, but it does print the frame.time_delta
$ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_delta

> 2) What is the filter to use with tshark statistic to print out the duration of every TCP connection in a capture (as "duration" column in Statistics--->Conversation table).

You can use the following, but it does not print the duration:
$ tshark -r test.pcap -q -z conv,eth -z conv,ip -z conv,tcp
See the man-page for more information:
http://www.wireshark.org/docs/man-pages/tshark.html

> 3) With "-T text" option, tshark will print out packets' summary line by line displayed by wireshark's GUI. Is there any way to select some column data not all columns, or additional column data (i.e. probably "-o option" but how to set up related filter/file...)

Here is an example:
$ tshark -i 3 -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L", "Info", "%i", "tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""
$ tshark -r test.pcap -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L", "Info", "%i", "tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""

My best
Joke
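
Added example, not part of the original message or of Wireshark: questions 1 and 2 both come down to per-connection timing, which can be derived from a -T fields export when tcp.time_delta is empty and the conv,tcp output lacks a duration. It assumes the export also carries -e tcp.stream and -e frame.time_relative (fields assumed available in the tshark build in use); stream_stats and the sample lines are constructed for illustration.

```python
# Per-stream time deltas and connection durations from a tshark field export.
# Assumed input, one line per frame, e.g. from:
#   tshark -r test.pcap -T fields -E separator=, \
#          -e frame.number -e tcp.stream -e frame.time_relative
import sys
from decimal import Decimal, InvalidOperation


def stream_stats(lines):
    """Return (deltas, durations).

    deltas:    {frame number: seconds since the previous frame of the same stream}
    durations: {stream index: seconds between first and last frame of the stream}
    """
    first, last, deltas = {}, {}, {}
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) != 3 or not parts[1]:
            continue  # non-TCP frame: tshark leaves tcp.stream empty
        try:
            frame, stream, t = int(parts[0]), int(parts[1]), Decimal(parts[2])
        except (ValueError, InvalidOperation):
            continue  # header row or malformed line
        first.setdefault(stream, t)
        deltas[frame] = t - last.get(stream, t)  # first frame of a stream gets 0
        last[stream] = t
    durations = {s: last[s] - first[s] for s in first}
    return deltas, durations


# Constructed sample: two interleaved TCP streams plus one non-TCP frame (4).
SAMPLE = """\
1,0,0.000000
2,0,0.000250
3,1,0.100000
4,,0.150000
5,0,0.300500
6,1,1.100000
""".splitlines()

if __name__ == "__main__":
    # Pass the CSV file as the first argument; without one the sample is used.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    deltas, durations = stream_stats(source)
    for stream, seconds in sorted(durations.items()):
        print(f"tcp.stream {stream}: duration {seconds} s")
```

The duration here is last frame minus first frame of each stream within the capture, so a connection that starts before or ends after the capture window is reported shorter than it really was.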