I'd love to find a tshark-native answer to this as well -- my understanding from searching the
archives is that it isn't possible using '-T fields', but it might be possible to change the output format preferences.
I ended up just passing my tshark output through an awk script that converted the timestamp for me.
-mike
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of George Roebe
Sent: Tue 1/12/2010 1:18 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Neet Help Printing Tshark Time Value
I need some help printing the time using tshark. I have a trace trace01 and I'm running the following command:
tshark -r trace01 -R "wlan.sa == xx:xx:xx:xx:xx:xx" -t e -T text -T fields -e frame.time
I need the time printed to the console from the epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00), and I thought (according to the man page) that that's what the -t e command would do. However, it doesn't seem to work: I get times like
Jan 19, 2009 13:07:54.974012000
Is there any way I can get the epoch times alone printed to the screen or to a file?
Greatly appreciated.
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/196390710/direct/01/
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
<<winmail.dat>>
