Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Wireshark (Tshark issue ) help required.

From: Ravi Inder Singh <raviinder@xxxxxxxxx>
Date: Mon, 1 Sep 2014 21:16:31 -0400

When i gave following command on ubuntu

tshark -2 -F pcap -r tcpdump.pcap -R "tcp and ip" -w  write.pcap

1) used -F pcap option i want e.pcap in old pcap format.

problem/issue :- When i open write.pcap it has loosed his old time/date

 i.e. tcpdump.pcap  in its Time column is having 26 July 2014  with some time 10.12.34 , but in write.pcap it comes to 1970-01-01 with time 00.00.00  in Time column. 


If i use -w option i will give raw packet but why it is loosing Time from it. i.e. i want my Time to be intact rather that going to default time.


Is any way to correct this situation with option or anything else.



Thanks,

Ravi