Wireshark-users: Re: [Wireshark-users] R: Re: add timestamp to fieldlist in wireshark
Thanks a lot for the insight. In that case Iguess the best way will be to use frame.time_relative and afterwards adding to all these values the Unix timesamp for the first package, which gives in return the desired time for every packet.
--------- Original Message ---------
On Fri, Nov 27, 2009 at 04:33:13PM +0100, haneugen@xxxxxxxx wrote:
> I've found that switch already, but if you use tshark in the form like
> tshark -r file -T fields -t e -e fieldname
> you have to add all the needed fields in the list through -e fieldname,
> but I have not found a field which would me either give the timestamp
> by default or is effected by the -t e option. Thus my problem is which
> field do I have to add to the timestamp.
Currently there is no field that can be used with -T fields that follows
the timestamp format given by -t, so you're kinda stuck here. You might
want to add a feature request to https://bugs.wireshark.org for that, as
I think it could be a very useful addition...
> Beyond having a list of all available fields as well would be helpful,
> so far I only know of
> http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
> as the most detailed one. Anyone a further idea?
http://www.wireshark.org/docs/dfref/
Cheers,
Sake
