Revision history - Ask Wireshark

I found that tshark.exe can parse the data in correct format.

"C:\Program Files\Wireshark\tshark.exe" -r NetworkTrace.pcapng -Y "tds.type==18 && !tls" -T fields -e frame.time_utc -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tds.prelogin.option.traceid -E header=y -E separator=, -E quote=d -E occurrence=f frame.time_utc,ip.src,tcp.srcport,ip.dst,tcp.dstport,tds.prelogin.option.traceid "Mar 4, 2024 23:58:32.867157000 UTC","10.xx.0.xx","1466","xx.1xx.xxx.1","1433","5363526ed6eae44faa28695c803ba6b8527b3c7cab692b4a96b0d698c7a15d8902010000"

I found that tshark.exe can parse the data in correct format.

"C:\Program Files\Wireshark\tshark.exe" -r NetworkTrace.pcapng -Y "tds.type==18 && !tls" -T fields -e frame.time_utc -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tds.prelogin.option.traceid -E header=y -E separator=, -E quote=d -E occurrence=f frame.time_utc,ip.src,tcp.srcport,ip.dst,tcp.dstport,tds.prelogin.option.traceid "Mar 4, 2024 23:58:32.867157000 ~~UTC","10.xx.0.xx","1466","xx.1xx.xxx.1","1433","5363526ed6eae44faa28695c803ba6b8527b3c7cab692b4a96b0d698c7a15d8902010000"~~
UTC","10.xx.0.xx","1466","xx.1xx.xxx.1","1433","5363526ed6eae44faa28695c803ba6b8527b3c7cab692b4a96b0d698c7a15d8902010000"

Revision history [back]