Wireshark · Wireshark-users: Re: [Wireshark-users] tcp.time

Wireshark-users: Re: [Wireshark-users] tcp.time_delta column with tshark

From: "j.snelders" <j.snelders@xxxxxxxxxx>

Date: Sun, 30 Jan 2011 01:12:02 +0100

On Sat, 29 Jan 2011 17:24:21 +0100 Sake Blok wrote:
>On 29 jan 2011, at 16:52, j.snelders wrote:
>
>> On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:
>>> 
>>> 1) I try to use tshark to export a capture into csv file.  I use -T fields
>>> -E 
>>> separator=, -e tcp.time_delta.......  I could see other column data but
>> not
>>> 
>>> tcp.time_delta .  Any idea.
>> 
>> No, but it does print the frame.time_delta
>> $ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_delta
>
>In order to be able to use tcp.time_relative and tcp.time_delta, you will
>need to enable TCP timestamps. This is disabled by default (for performance
>optimization).
>
>You can check whether tshark is using TCP timestamps:
>
>$ tshark -G currentprefs | grep tcp.calculate_timestamps
>tcp.calculate_timestamps: TRUE
>$
>
>If you want to enable them, use:
>
>tshark -o cp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e tcp.time_delta
>-e ...
>
>Cheers,
>
>
>Sake

Dank je wel;-)
Joke

References:
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: Sake Blok

Prev by Date: Re: [Wireshark-users] tcp.time_delta column with tshark
Next by Date: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Previous by thread: Re: [Wireshark-users] tcp.time_delta column with tshark
Next by thread: Re: [Wireshark-users] tcp.time_delta column with tshark
Index(es):
- Date
- Thread