Wireshark-users: [Wireshark-users] Dates in statistics output
From: David <lists@xxxxxxxxx>
Date: Wed, 12 Sep 2007 20:45:36 +0100
Two quick questions regarding the output from tshark in statistics mode.

Firstly is it possible to display the date/time of the start of a socket pair when using -z conv,[tcp|udp]? The first occurrence in the file would do, obviously it cannot be guaranteed that this is the "start" of the socket pair for UDP at all or TCP unless the first SYN is present.

Secondly can the output of -z io,stat be told to display an absolute date (from epoch in seconds if necessary) instead of relative ms? I have many pcap files (and do not wish to join them) but I would like to graph packet/byte throughput in a custom way (i.e. I want the data so I can analyse or plot it myself). I'd like to do this across all files, so relative to the first packet doesn't help.

Thanks!

David