Wireshark mailing list archives
Re: tcp.time_delta column with tshark
From: Martin Visser <martinvisser99 () gmail com>
Date: Sun, 30 Jan 2011 19:42:19 +1000
If you capture traffic on your network on or in the path between the client and proxy, you will see see the HTTP proxy traffic. HTTP traffic direct to the web-server or via a proxy are fundamentally the same - the proxy just has to handle the edge conditions a little differently. Regards, Martin MartinVisser99 () gmail com On 30 January 2011 15:26, vincent paul <amoteluro () yahoo com> wrote:
Thank you Sake and J.Snelders for your quick and precious help. Best Regards, PV NOTE: Any idea how to see the packets' content between client and its proxy (not web server) ________________________________ From: Sake Blok <sake () euronet nl> To: Community support list for Wireshark <wireshark-users () wireshark org> Sent: Sat, January 29, 2011 8:24:21 AM Subject: Re: [Wireshark-users] tcp.time_delta column with tshark On 29 jan 2011, at 16:52, j.snelders wrote:On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:1) I try to use tshark to export a capture into csv file. I use -T fields -E separator=, -e tcp.time_delta....... I could see other column data butnottcp.time_delta . Any idea.No, but it does print the frame.time_delta $ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_deltaIn order to be able to use tcp.time_relative and tcp.time_delta, you will need to enable TCP timestamps. This is disabled by default (for performance optimization). You can check whether tshark is using TCP timestamps: $ tshark -G currentprefs | grep tcp.calculate_timestamps tcp.calculate_timestamps: TRUE $ If you want to enable them, use: tshark -o cp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e tcp.time_delta -e ... Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: How source and destination is identified in Wireshark?, (continued)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? ronnie sahlberg (Jan 28)
- Re: How source and destination is identified in Wireshark? Andrew Hood (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark Sake Blok (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 30)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 31)