get untruncated Line-based text data with timestamps [tshark]

asked 2023-01-04 13:45:50 +0000

doogers

I have established a WebSocket connection with Binance to receive updates about order books. Every ~10ms I receive an update through the WebSocket protocol, and each packet contains Line-based text data with the update. I capture the traffic with tcpdump and save it to a .pcap file called "traffic.pcap".

I need to extract each piece of this information together with the timestamp at which it is received on my side. I have tried with

tshark -nr traffic.pcap -T fields -e frame.number -e frame.time_epoch -e tcp.stream -e text -Y "tcp.stream eq 11" -o tls.keylog_file:$SSLKEYLOGFILE

to extract, for example, the stream 11. The result is quite what I want, except that the Line-based text data is truncated, e.g.

57284 1671613818.220136000 13 Timestamps, [truncated]{"stream":"btcusdt@depth5@100ms","data":{"lastUpdateId":29427350596,"bids":[["16879.24000000","0.03281000"],["16879.23000000","0.03073000"],["16879.21000000","0.02180000"],["16879.20000000","0.00580000"],["16878.93000000","0.0

To avoid truncation, I know that I can reconstruct the stream by using the following command

tshark -nr traffic.pcap -z follow,tls,ascii,13 -q

but I lose any information about the timestamp of each message.

How can I solve this problem?
