Extracting RTP stats from pcap files using Tshark and using absolute timestamp in epoch

asked 2022-05-19 20:19:12 +0000

updated 2022-05-20 04:06:13 +0000

grahamb

Is it possible to get the start and end time in absolute epoch? I am trying to process some pcap files I received from someone and trying to build a parser to convert this to CSV. However, my first step is to figure out how to get the timestamp in epoch. Thanks

[email protected]:~/downloads# tshark -r call-from-other-tur-19may2022-1.pcap -q -z rtp,streams
Running as user "root" and group "root". This could be dangerous.
========================= RTP Streams ========================
Start time End time  Src IP addr  Port  Dest IP addr Port  SSRC       Payload Pkts Lost     Min Delta(ms) Mean Delta(ms) Max Delta(ms) Min Jitter(ms) Mean Jitter(ms) Max Jitter(ms) Problems?
1.681994   17.526699 12000 12010 0x57C314A9 g711A   793  0 (0.0%) 19.090        20.006         25.106        0.052          0.191           0.511
1.679413   17.518439 12010 12000 0x726160A7 g711A   793  0 (0.0%) 18.989        19.999         24.241        0.001          0.312           0.564

1 Answer

answered 2022-05-20 04:13:09 +0000

grahamb

Unfortunately not. Many of the -z statistics use a fixed output format that doesn't track other tshark settings, e.g. the -t options for setting timestamp formats.

While this could be changed, a reason to keep the format fixed is to ensure output doesn't vary due to other settings, e.g. profile in use which might break scripts consuming the output.
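One way to get epoch start and end times per RTP stream despite the fixed `-z rtp,streams` format, as an added example that is not part of the original answer: export per-packet fields with `-T fields` and aggregate them per stream. The sample rows, the 192.0.2.x addresses and the function names are constructed for illustration; the field names are real tshark fields.

```python
import csv
import io
import subprocess
from decimal import Decimal

FIELDS = ["frame.time_epoch", "ip.src", "udp.srcport", "ip.dst", "udp.dstport", "rtp.ssrc"]
HEADER = ["start_epoch", "end_epoch", "src_ip", "src_port", "dst_ip", "dst_port", "ssrc", "pkts"]

# Constructed sample of the tab-separated rows tshark emits (addresses and
# epoch values are made up; ports and SSRCs mirror the question's output).
SAMPLE = [
    "1652990001.679413000\t192.0.2.20\t12010\t192.0.2.10\t12000\t0x726160a7",
    "1652990001.681994000\t192.0.2.10\t12000\t192.0.2.20\t12010\t0x57c314a9",
    "1652990005.000000000\t\t\t\t\t0x57c314a9",  # IPv4 fields missing: skipped
    "1652990017.518439000\t192.0.2.20\t12010\t192.0.2.10\t12000\t0x726160a7",
    "1652990017.526699000\t192.0.2.10\t12000\t192.0.2.20\t12010\t0x57c314a9",
]

def tshark_rows(pcap_path):
    """Export one row per RTP packet from a capture (requires tshark)."""
    cmd = ["tshark", "-r", pcap_path, "-Y", "rtp", "-T", "fields"]
    for field in FIELDS:
        cmd += ["-e", field]
    done = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()

def summarize(rows):
    """Group rows by (src, sport, dst, dport, ssrc); track first/last epoch."""
    streams = {}
    for row in rows:
        parts = row.split("\t")
        if len(parts) != len(FIELDS) or not all(parts):
            continue  # incomplete row, cannot be assigned to a stream
        ts = Decimal(parts[0])  # Decimal keeps tshark's nanosecond digits
        s = streams.setdefault(tuple(parts[1:]), {"start": ts, "end": ts, "pkts": 0})
        s["start"], s["end"] = min(s["start"], ts), max(s["end"], ts)
        s["pkts"] += 1
    return streams

def to_csv(streams):
    """Render the per-stream summary as CSV, ordered by start time."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADER)
    for key, s in sorted(streams.items(), key=lambda kv: kv[1]["start"]):
        writer.writerow([s["start"], s["end"], *key, s["pkts"]])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(summarize(SAMPLE)), end="")
```

For a real capture, pass `tshark_rows("capture.pcap")` to `summarize` instead of `SAMPLE`; running tshark as an unprivileged user avoids the "Running as user root" warning shown in the question.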
