tshark (1.10.6) on Ubuntu

[Ravi Inder Singh <raviinder () gmail com>]

When i gave following command on ubuntu

tshark -2 -F pcap -r tcpdump.pcap -R "tcp and ip" -w  write.pcap

1) used -F pcap option i want e.pcap in old pcap format.

problem/issue :- When i open write.pcap it has loosed his old time/date

 i.e. tcpdump.pcap was having 26 July 2014  with some time 10.12.34  but in
write.pcap it comes to 1970-01-01 with time 00.00.00 .

If i use -w option i will give raw packet but why it is loosing Time from
it.


Is any way to correct this situation with option or anything else.


Thanks,

Ravi

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe