Wireshark · Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark

Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark

From: "Ian jonhson" <jonhson.ian@xxxxxxxxx>

Date: Fri, 4 Jul 2008 12:18:43 +0800

Unluckily,  I am not permitted to use GUI. So is it
possible to achieve this?


On Tue, Jul 1, 2008 at 11:20 PM, Stephen Fisher
<stephentfisher@xxxxxxxxx> wrote:
> On Tue, Jul 01, 2008 at 05:01:19PM +0800, Ian jonhson wrote:
>
>> I would like to print the captured packet to standard oupout with
>> epoch time formation. The command I used is:
>>
>>  tshark -i 1 -n -f "udp port 8080" -t e -T fields -e frame.time -e
>> XXXXXX > /tmp/my_tshark_data.$(date +%F-%T)
>>
>> The parameter "-t e" seems not to take effect.
>
> This is because the -t e option only applies to the normal timestamps
> that tshark shows, not to the frame.time field.  The time format is
> stored in the "recent" settings file.  The easiest way to change this
> would be to open Wiresdhark and change the time format from the View -
> Time Display Format menu if you have access to the GUI.  You could also
> see if you have a ~/.wireshark/recent file and edit the gui.time_format
> setting there.
>
>
> Steve
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>

References:
- [Wireshark-users] how to print time with epoch formation by tshark
  - From: Ian jonhson
- Re: [Wireshark-users] how to print time with epoch formation by tshark
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] Dumpcap crashes all the times
Next by Date: Re: [Wireshark-users] Possible network latency
Previous by thread: Re: [Wireshark-users] how to print time with epoch formation by tshark
Next by thread: Re: [Wireshark-users] how to print time with epoch formation by tshark
Index(es):
- Date
- Thread