Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 1 Jul 2008 09:20:55 -0600
On Tue, Jul 01, 2008 at 05:01:19PM +0800, Ian jonhson wrote: > I would like to print the captured packet to standard oupout with > epoch time formation. The command I used is: > > tshark -i 1 -n -f "udp port 8080" -t e -T fields -e frame.time -e > XXXXXX > /tmp/my_tshark_data.$(date +%F-%T) > > The parameter "-t e" seems not to take effect. This is because the -t e option only applies to the normal timestamps that tshark shows, not to the frame.time field. The time format is stored in the "recent" settings file. The easiest way to change this would be to open Wiresdhark and change the time format from the View - Time Display Format menu if you have access to the GUI. You could also see if you have a ~/.wireshark/recent file and edit the gui.time_format setting there. Steve
- Follow-Ups:
- Re: [Wireshark-users] how to print time with epoch formation by tshark
- From: Ian jonhson
- Re: [Wireshark-users] how to print time with epoch formation by tshark
- From: Guy Harris
- Re: [Wireshark-users] how to print time with epoch formation by tshark
- References:
- [Wireshark-users] how to print time with epoch formation by tshark
- From: Ian jonhson
- [Wireshark-users] how to print time with epoch formation by tshark
- Prev by Date: Re: [Wireshark-users] Bug 553: Wireshark appears offscreen on multi-monitor Windows systems (Was: Wireshark 1.0.1 is now available)
- Next by Date: [Wireshark-users] 64-bit Vista
- Previous by thread: [Wireshark-users] how to print time with epoch formation by tshark
- Next by thread: Re: [Wireshark-users] how to print time with epoch formation by tshark
- Index(es):