This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark writing 1st jan 1970 as packet time stamps after writing to new file using -w option

0

Hi All, Iam getting strange issue, when iam trying to split file using -R filter and writing to a new file, all packets for time stamp are marked as 1st Jan 1970. Below is the command iam using. ./tshark.exe -n -r time_issue.pcapng -2 -R '!gtp&&!icmp&&dns' -w time_issueSplit2.pcapng

Iam Using TShark 1.10.5 (SVN Rev 54262 from /trunk-1.10) does any body have any idea why its happining.

Thanx a Lot

asked 13 Jan '14, 02:41

Saji%20Nair's gravatar image

Saji Nair
11112
accept rate: 0%

edited 13 Jan '14, 21:35

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

One Answer:

0

I can confirm that behavior. However, it only happens with -2 -R and not with -Y (should also work in your case).

Please file a bug report at https://bugs.wireshark.org

Regards
Kurt

answered 13 Jan '14, 06:57

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%