 | 1 | initial version |
As suggested by bubbasnmp you can use -e ws.col.Time. You can then use tshark's -t option to change the way that column is presented. To see the list of -t formats enter:
tshark -t.
Here's an example using the -t ad format:
$ tshark -r my.pcapng -t ad -T fields -e _ws.col.Time -e ip.src -e ip.dst
2020-05-22 16:15:02.210876 10.1.1.1 10.2.2.2
2020-05-22 16:15:02.212657 10.2.2.2 10.1.1.1
And the same capture using the -t ud format:
$ tshark -r my.pcapng -t ud -T fields -e _ws.col.Time -e ip.src -e ip.dst
2020-05-22 20:15:02.210876 10.1.1.1 10.2.2.2
2020-05-22 20:15:02.212657 10.2.2.2 10.1.1.1
| | 2 | No.2 Revision |
As suggested by bubbasnmp you can use -e ws.col.Time. _ws.col.Time. You can then use tshark's -t option to change the way that column is presented. To see the list of -t formats enter:
tshark -t.
Here's an example using the -t ad format:
$ tshark -r my.pcapng -t ad -T fields -e _ws.col.Time -e ip.src -e ip.dst
2020-05-22 16:15:02.210876 10.1.1.1 10.2.2.2
2020-05-22 16:15:02.212657 10.2.2.2 10.1.1.1
And the same capture using the -t ud format:
$ tshark -r my.pcapng -t ud -T fields -e _ws.col.Time -e ip.src -e ip.dst
2020-05-22 20:15:02.210876 10.1.1.1 10.2.2.2
2020-05-22 20:15:02.212657 10.2.2.2 10.1.1.1