Wireshark · Wireshark-dev: [Wireshark-dev] tshark: access to tcp raw seq number

Wireshark-dev: [Wireshark-dev] tshark: access to tcp raw seq number

From: Chema Gonzalez <chema@xxxxxxxxxx>

Date: Wed, 29 Mar 2017 16:32:19 -0700

Hi,

I'm using tshark to extract some fields from packet traces. Using `-e
tcp.seq`, tshark prints the relative sequence number. I'd like to
print the raw (absolute) at the same time. I don't think this is
possible right now (but please let me know if that's the case).

A quick check at the code suggests I need to set tcp_relative_seq to
FALSE to have absolute tcp seq numbers. I can't see how to set this
value using the tshark CLI.

Final question: Any hints on what's the best way to add a "tcp.rawseq"
("tcp.seqraw"?) option?

Thanks,
-Chema

Follow-Ups:
- Re: [Wireshark-dev] tshark: access to tcp raw seq number
  - From: Pascal Quantin

Prev by Date: Re: [Wireshark-dev] Question about pcap_create and HAVE_REMOTE
Next by Date: Re: [Wireshark-dev] Different Participating Record created on Test Alert
Previous by thread: Re: [Wireshark-dev] Question about pcap_create and HAVE_REMOTE
Next by thread: Re: [Wireshark-dev] tshark: access to tcp raw seq number
Index(es):
- Date
- Thread