This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to convert format of frame.time_relative to this format “hour:minute:second”?

0

Here is what I tried:

tshark -r test.pcap -T fields -e frame.time_relative > file.csv

And here is the csv file I got:

  • frame.time_relative
  • 0
  • 0.000128
  • 0.000315
  • 0.000407
  • 0.010027

I want this format to be a real time format. for example: 16:20:35 (hour:minute:second)

Any idea please...

asked 02 Dec '13, 23:28

Eliza%20Rana's gravatar image

Eliza Rana
11458
accept rate: 0%

edited 03 Dec '13, 08:12

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142


2 Answers:

2

My answer to this question over at http://stackoverflow.com/ should help you.

answered 03 Dec '13, 08:19

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Thanks cmaynard.

(03 Dec '13, 08:32) Eliza Rana

You're welcome. Now please go delete your duplicate questions.

(03 Dec '13, 08:33) cmaynard ♦♦

1

Raksmey, Eliza, or whatever your name may be

really not meant as an offense,

BUT, why do you open 3!! questions for the identical problem?

This is a Q&A site, with the purpose to get answers for questions and to search for answers to similar problems. If you clutter the site with questions, you will not help others to find an answer to their problems, as all your redundant, open questions will distract/confuse them.

The reason why you don't get that many answers to your questions is pretty simple. It is obvious, that your are trying to get the work done for your homework, by other people. You are asking for complete solutions, like: 'please draw CDR of TCP frames with R'. Why do you think people would do that? It's quite some work and foremost it is your work as it is your homework.

If you promise the following things, I promise to give you some hints how to finish your homework.

  • you promise to stop creating questions over and over again for the same homework problem
  • you promise to consolidate all your questions in one new question
  • you promise to add information to that question what you have already tried and what problems you are still facing
  • you promise to delete your other, redundant questions

If all that happens

  • I promise to give you some hints for your homework problems. However: don't expect to get any (R) code or a colored PDF with your letterhead and all the answers for your homework!!

Regards
Kurt

answered 03 Dec '13, 03:09

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 03 Dec '13, 03:09

I'm sorry for this

(03 Dec '13, 04:22) Eliza Rana

no need to be sorry. You can help others to help you, by asking the right questions in the right way ;-))

So, regarding your time problem, you have these options:

tshark -nr input.pcap -T fields -e frame.time

which will print the absolute date/time in the following format

Dec  3, 2013 15:04:01.154144000
Dec  3, 2013 15:04:02.678225000
Dec  3, 2013 15:04:02.778029000

tshark -nr input.pcap -T fields -e frame.time_relative

which will print the absolute date/time in 'Unix time', which is seconds passed since 1.1.1970 00:00:00.

http://en.wikipedia.org/wiki/Unix_time

1386079441.154144000
1386079442.678225000
1386079442.778029000

tshark -nr input.pcap -T fields -e frame.time_relative

which will print the relative time (in seconds) since the beginning of the capture file.

0.000000000
1.524081000
1.623885000
1.624036000

Those time formats are all described in the docs

http://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSection.html

So, to solve your 'CDR graphing problem', you could use frame.time and remove the date part (with a script) or frame.time_relative and convert the seconds to hh:mm:ss (with a script).

Regards
Kurt

(03 Dec '13, 06:33) Kurt Knochner ♦

Thank you!

(03 Dec '13, 08:32) Eliza Rana