Wireshark-users: [Wireshark-users] Using tshark to extract ssl.handshake.random_time in hex
Date Prev · Date Next · Thread Prev · Thread Next
From: Thomas Glanzmann <thomas@xxxxxxxxxxxx>
Date: Wed, 3 Aug 2016 00:35:18 +0200
Hello,
I would like to use wireshark to extract the 4 bytes that represent
ssl.handshake.random_time in hex. Currently I only managed to extract it
as unix time by doing that:

$ tshark -nr sniff.pcap -Y 'ssl.handshake.type == 1' -T fields -e ssl.handshake.random_time
Aug  2, 2016 17:00:11.000000000 CEST

Any hints how to obtain that?

I'm using tshark 1.12.1 which is packaged with Debian jessie. In
backports also 2.0.4 is available. But I'm also fine to compile
wireshark by myself.

Cheers,
        Thomas