Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] how to print time with epoch formation by tshark
From: j.snelders@xxxxxxxxxx
Date: Mon, 7 Jul 2008 21:51:34 +0200
On Fri, 4 Jul 2008 12:18:43 +0800, Ian jonhson wrote:
>Unluckily, I am not permitted to use GUI. So is it
>possible to achieve this?
>
>On Tue, Jul 1, 2008 at 11:20 PM, Stephen Fisher wrote:
>> On Tue, Jul 01, 2008 at 05:01:19PM +0800, Ian jonhson wrote:
>>> I would like to print the captured packet to standard oupout with
>>> epoch time formation. The command I used is:
>>>
>>> tshark -i 1 -n -f "udp port 8080" -t e -T fields -e frame.time -e
>>> XXXXXX > /tmp/my_tshark_data.$(date +%F-%T)
>>>
Hi Ian
I suppose you just want an outputfile with the timestamp (I don't know,
what you mean by "-e XXXXXX")
tshark:
$ tshark -i 3 -T fields -e frame.time > date
The output file contains only the timestamp:
$ more date
Jul 7, 2008 21:24:09.306763000
Jul 7, 2008 21:24:12.089914000 etc..
date:
Next you can use date to convert the timestamp to the epoch timestamp:
$ date -f date +%s > epoch
$ more epoch
1215458649
1215458652 etc...
Hope this helps
Joan
- Prev by Date: Re: [Wireshark-users] How to filter out last 1000 frames in a quick way
- Next by Date: Re: [Wireshark-users] Capturing Giant Packets Only
- Previous by thread: Re: [Wireshark-users] PPI header capture through rpcap not working
- Next by thread: [Wireshark-users] Question about tshark protocol hierarchy statistics (phs)
- Index(es):