Wireshark · Wireshark-users: Re: [Wireshark-users] tcp.time

Wireshark-users: Re: [Wireshark-users] tcp.time_delta column with tshark

From: Martin Visser <martinvisser99@xxxxxxxxx>

Date: Sun, 30 Jan 2011 19:42:19 +1000

If you capture traffic on your network  on or in the path between the
client and proxy, you will see see the HTTP proxy traffic. HTTP
traffic direct to the web-server or via a proxy are fundamentally the
same - the proxy just has to handle the edge conditions a little
differently.

Regards, Martin

MartinVisser99@xxxxxxxxx



On 30 January 2011 15:26, vincent paul <amoteluro@xxxxxxxxx> wrote:
> Thank you Sake and J.Snelders for your quick and precious  help.
>
> Best Regards,
> PV
>
> NOTE: Any idea how to see the packets' content between client and its proxy
> (not web server)
>
> ________________________________
> From: Sake Blok <sake@xxxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Sat, January 29, 2011 8:24:21 AM
> Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
>
> On 29 jan 2011, at 16:52, j.snelders wrote:
>
>> On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:
>>>
>>> 1) I try to use tshark to export a capture into csv file.  I use -T
>>> fields
>>> -E
>>> separator=, -e tcp.time_delta.......  I could see other column data but
>> not
>>>
>>> tcp.time_delta .  Any idea.
>>
>> No, but it does print the frame.time_delta
>> $ tshark -r test.pcap -T fields -E separator=, -e frame.number -e
>> frame.time_delta
>
> In order to be able to use tcp.time_relative and tcp.time_delta, you will
> need to enable TCP timestamps. This is disabled by default (for performance
> optimization).
>
> You can check whether tshark is using TCP timestamps:
>
> $ tshark -G currentprefs | grep tcp.calculate_timestamps
> tcp.calculate_timestamps: TRUE
> $
>
> If you want to enable them, use:
>
> tshark -o cp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e
> tcp.time_delta -e ...
>
> Cheers,
>
>
> Sake
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>

Follow-Ups:
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: vincent paul
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: vincent paul

References:
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: j.snelders
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: Sake Blok
- Re: [Wireshark-users] tcp.time_delta column with tshark
  - From: vincent paul

Prev by Date: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Next by Date: [Wireshark-users] WIRESHARK EVENT IN A TECHFEST
Previous by thread: Re: [Wireshark-users] tcp.time_delta column with tshark
Next by thread: Re: [Wireshark-users] tcp.time_delta column with tshark
Index(es):
- Date
- Thread