Hi Pari,
Thu, 28 Aug 2008 20:08:53
> tshark -o column.format: ""No.",
Skip the space between <column.format:> <""No.",>
This will give the same error: tshark: Invalid -o flag "column.format:"
> But I have one more question: how do I have a header in this file
I don't know.
You can use the option -E header=y|n only when -T fields is selected.
> and change the time format
Take a look at:
http://anonsvn.wireshark.org/wireshark/trunk/epan/column.c
"%Yt", /* 1) COL_ABS_DATE_TIME */
"%At", /* 2) COL_ABS_TIME */
"%Tt", /* 11) COL_DELTA_TIME */
"%dct", /* 12) COL_DELTA_CONV_TIME */
"%Gt", /* 13) COL_DELTA_TIME_DIS */
"%Rt", /* 49) COL_REL_TIME */
"%rct", /* 50) COL_REL_CONV_TIME */
"%t", /* 58) COL_CLS_TIME */
You can use more than one time format:
$ tshark -o column.format:""No.", "%m", "Time", "%Yt", "Time", "%Tt"" -r test.pcap
Fri, 29 Aug 2008 02:16:32
> One more thing I wanted to know: how can I get the connection status, like
> rejected TCP connection, established TCP connection, etc.
In Wireshark you can take a look at:
- Analyze > Expert Info Composite > Chats:
- Statistics > Conversations > TCP
Hope this helps
Joan