Wireshark · Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark

Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark

From: Stephen Fisher <stephentfisher@xxxxxxxxx>

Date: Tue, 1 Jul 2008 09:20:55 -0600

On Tue, Jul 01, 2008 at 05:01:19PM +0800, Ian jonhson wrote:

> I would like to print the captured packet to standard oupout with 
> epoch time formation. The command I used is:
> 
>  tshark -i 1 -n -f "udp port 8080" -t e -T fields -e frame.time -e
> XXXXXX > /tmp/my_tshark_data.$(date +%F-%T)
> 
> The parameter "-t e" seems not to take effect.

This is because the -t e option only applies to the normal timestamps 
that tshark shows, not to the frame.time field.  The time format is 
stored in the "recent" settings file.  The easiest way to change this 
would be to open Wiresdhark and change the time format from the View - 
Time Display Format menu if you have access to the GUI.  You could also 
see if you have a ~/.wireshark/recent file and edit the gui.time_format 
setting there.

Steve

Follow-Ups:
- Re: [Wireshark-users] how to print time with epoch formation by tshark
  - From: Ian jonhson
- Re: [Wireshark-users] how to print time with epoch formation by tshark
  - From: Guy Harris

References:
- [Wireshark-users] how to print time with epoch formation by tshark
  - From: Ian jonhson

Prev by Date: Re: [Wireshark-users] Bug 553: Wireshark appears offscreen on multi-monitor Windows systems (Was: Wireshark 1.0.1 is now available)
Next by Date: [Wireshark-users] 64-bit Vista
Previous by thread: [Wireshark-users] how to print time with epoch formation by tshark
Next by thread: Re: [Wireshark-users] how to print time with epoch formation by tshark
Index(es):
- Date
- Thread