Ask Your Question
0

Need to print time in human readable format

asked 2021-03-24 15:03:58 +0000

Asif Ansari gravatar image

updated 2021-03-24 15:34:44 +0000

grahamb gravatar image

Hello! Team,

1.

I need to get the time in human readable format with the use of the below command :

tshark -r file.cap.gz -q -z diameter,avp,272,CC-Request-Type,CC-Request-Number,Rating-Group,Result-Code

frame='19857' time='1616436616.267048' src='172.21.198.162' srcport='35102' dst='172.20.56.36' dstport='3868' proto='diameter' msgnr='0' is_request='1' cmd='272' req_frame='19857' ans_frame='0' resp_time='0.000000' CC-Request-Type='1' CC-Request-Number='0' Rating-Group='8'

Currently, it shows the unix timestamp.

2.

With the below command, i am not getting the col.Info

TZ=EST5EDT tshark -nr kub2-4.wlk-mtce-1.vzwops.com-20210322181013.pcap.gz -T fields -E separator=',' -e frame.time -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e proto -e diameter.flags.request -e diameter.cmd.code -e diameter.answer_to -e diameter.answer_in -e diameter.resp_time -e diameter.Session-Id -e diameter.CC-Request-Type -e diameter.CC-Request-Number -e diameter.Result-code -e col.Info

Running as user "root" and group "asifa". This could be dangerous.
Mar 22, 2021 14:10:13.953618000,,,,,,,,,,,,,,,
Mar 22, 2021 14:10:13.950131000,172.18.120.6,32770,172.18.120.5,1029,,,,,,,,,,,
Mar 22, 2021 14:10:13.950585000,172.21.198.154,40896,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.950600000,172.21.198.154,40896,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951051000,172.21.198.154,40902,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951062000,172.21.198.154,40902,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951089000,172.21.198.154,44484,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951102000,172.21.198.154,44484,172.20.56.6,3009,,,,,,,,,,,

[[email protected] vz]# tshark -v
TShark 1.8.10 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.8, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8, without c-ares, without ADNS, without Lua, without
Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP.

Running on Linux 2.6.32-504.16.2.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.4.0, with libz 1.2.3.

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-15).[[email protected] vz]# tshark -v
TShark 1.8.10 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.8, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8, without c-ares, without ADNS, without Lua, without
Python, with GnuTLS ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-03-24 15:46:09 +0000

grahamb gravatar image

Answers below, but note you're using a very old version of Wireshark (1.8.10) which was EOL June 2014. See the Wiki LifeCycle page for more info.

  1. That's the specified output of the -z diameter option, from the man page:

    -z diameter,avp[,cmd.code,field,field,...]

    ...

    Following fields will be printed out for each diameter message:

    "frame" Frame number.

    "time" Unix time of the frame arrival.`

  2. When using -T fields, column names must be prefixed with _ws.col., e.g. _ws.col.Info.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-03-24 15:03:58 +0000

Seen: 97 times

Last updated: Mar 24