Re: R: Re: add timestamp to fieldlist in wireshark

[Sake Blok <sake () euronet nl>]

On Fri, Nov 27, 2009 at 04:33:13PM +0100, haneugen () yahoo de wrote:
> I've found that switch already, but if you use tshark in the form like
> tshark -r file -T fields -t e -e fieldname
> you  have to add all the needed fields in the list through -e fieldname,
> but I have not found a field which would me either give the timestamp 
> by default or is effected by the -t e option. Thus my problem is which 
> field do I have to add to the timestamp. 

Currently there is no field that can be used with -T fields that follows
the timestamp format given by -t, so you're kinda stuck here. You might
want to add a feature request to https://bugs.wireshark.org for that, as
I think it could be a very useful addition...

> Beyond having a list of all available fields as well would be helpful, 
> so far I only know of 
> http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf 
> as the most detailed one. Anyone a further idea?

http://www.wireshark.org/docs/dfref/

Cheers,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe