Wireshark mailing list archives
Re: tcp.time_delta column with tshark
From: vincent paul <amoteluro () yahoo com>
Date: Sat, 29 Jan 2011 21:26:42 -0800 (PST)
Thank you Sake and J.Snelders for your quick and precious help. Best Regards, PV NOTE: Any idea how to see the packets' content between client and its proxy (not web server) ________________________________ From: Sake Blok <sake () euronet nl> To: Community support list for Wireshark <wireshark-users () wireshark org> Sent: Sat, January 29, 2011 8:24:21 AM Subject: Re: [Wireshark-users] tcp.time_delta column with tshark On 29 jan 2011, at 16:52, j.snelders wrote:
On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:1) I try to use tshark to export a capture into csv file. I use -T fields -E separator=, -e tcp.time_delta....... I could see other column data butnottcp.time_delta . Any idea.No, but it does print the frame.time_delta $ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_delta
In order to be able to use tcp.time_relative and tcp.time_delta, you will need to enable TCP timestamps. This is disabled by default (for performance optimization). You can check whether tshark is using TCP timestamps: $ tshark -G currentprefs | grep tcp.calculate_timestamps tcp.calculate_timestamps: TRUE $ If you want to enable them, use: tshark -o cp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e tcp.time_delta -e ... Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: How source and destination is identified in Wireshark?, (continued)
- Re: How source and destination is identified in Wireshark? Martin Visser (Jan 24)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? ronnie sahlberg (Jan 28)
- Re: How source and destination is identified in Wireshark? Andrew Hood (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark Sake Blok (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 30)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 31)