Wireshark-dev: Re: [Wireshark-dev] tshark: access to tcp raw seq number

From: Chema Gonzalez <chema@xxxxxxxxxx>
Date: Thu, 30 Mar 2017 08:39:31 -0700

Hi,

On Thu, Mar 30, 2017 at 12:23 AM, Pascal Quantin
<pascal.quantin@xxxxxxxxx> wrote:
> Hi Chema,
>
> 2017-03-30 1:32 GMT+02:00 Chema Gonzalez <chema@xxxxxxxxxx>:
>>
>> Hi,
>>
>> I'm using tshark to extract some fields from packet traces. Using `-e
>> tcp.seq`, tshark prints the relative sequence number. I'd like to
>> print the raw (absolute) at the same time. I don't think this is
>> possible right now (but please let me know if that's the case).
>>
>> A quick check at the code suggests I need to set tcp_relative_seq to
>> FALSE to have absolute tcp seq numbers. I can't see how to set this
>> value using the tshark CLI.
>
>
> Simply add the following to your command line:
> -o "tcp.relative_sequence_numbers: false"
>
> So your command becomes:
> tshark -r test.pcapng -T fields -e tcp.seq -o "tcp.relative_sequence_numbers: false"
Great! Thanks a lot.

>> Final question: Any hints on what's the best way to add a "tcp.rawseq"
>> ("tcp.seqraw"?) option?
>
>
> Given that there is already an option for this, is it really required?
My goal was getting both at the same time. Unless I'm mistaken, I can
only get either the relative or the absolute seq number.

Thanks,
-Chema

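One way to get both numbers side by side with the option discussed above, as an added example that is not part of the original thread or of Wireshark itself: export the raw sequence number and derive the relative one per stream direction. The function names and sample rows are constructed for illustration, and the base is assumed to be the first segment seen in each direction.

```shell
#!/bin/sh
# Added example (not from the thread). Input is the tab-separated output of:
#   tshark -r test.pcapng -T fields -e tcp.stream -e ip.src -e tcp.srcport \
#          -e tcp.seq -o "tcp.relative_sequence_numbers: false"
# so column 4 holds the raw (absolute) sequence number.

# add_relative_seq: read those four columns on stdin and append a fifth,
# the sequence number relative to the first segment seen in the same
# direction of the same stream (assumption: that segment supplies the base).
add_relative_seq() {
    awk -F '\t' '
        NF < 4 || $4 == "" { next }            # skip non-TCP or malformed rows
        {
            key = $1 SUBSEP $2 SUBSEP $3       # stream + sender = one direction
            if (!(key in base)) base[key] = $4 + 0
            rel = $4 - base[key]
            if (rel < 0) rel += 4294967296     # 32-bit sequence space wrapped
            printf "%s\t%s\t%s\t%s\t%.0f\n", $1, $2, $3, $4, rel
        }'
}

# Constructed sample rows (not real capture data); stream 1 wraps past 2^32.
sample_rows() {
    printf '0\t10.0.0.1\t51000\t3000000000\n'
    printf '0\t10.0.0.2\t443\t1000\n'
    printf '0\t10.0.0.1\t51000\t3000000001\n'
    printf '0\t10.0.0.2\t443\t1001\n'
    printf '0\t10.0.0.1\t51000\t3000000518\n'
    printf '1\t10.0.0.1\t51001\t4294967000\n'
    printf '1\t10.0.0.1\t51001\t204\n'
}

# Columns printed: stream, source IP, source port, raw seq, relative seq.
sample_rows | add_relative_seq
```

Later Wireshark releases also expose the raw value directly as the `tcp.seq_raw` field, which can be requested with `-e` alongside `tcp.seq`.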