Ask Your Question
0

When I export selected packets using K12 (.txt) there is a header for each packet that looks like this "16:56:41,730,829 ETHER". What do the numbers represent?

asked 2024-05-24 13:50:01 +0000

RLM gravatar image

Is it possible to have this header information represent the sequence number or the time?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-05-24 16:07:01 +0000

johnthacker gravatar image

It's a time, without a date. It's a format used by certain Tektronix protocol analyzers. You shouldn't use it if you don't have to, i e. if you don't have a Tek protocol analyzer, because it's a pretty terrible format. You can't change the header information because then it wouldn't be a K12 file.

https://wiki.wireshark.org/K12 https://gitlab.com/wireshark/wireshar...

What problem are you trying to solve by exporting to that format?

edit flag offensive delete link more

Comments

I am importing the txt file into excel where I can parse it and verify that the message is consistent with the Interface control document (ICD). I need to be able to track which packet is being parsed either by sequence number or time.

RLM gravatar imageRLM ( 2024-05-24 17:56:03 +0000 )edit

You probably want one of the options available under "Export Packet Dissections." If you want to track the sequence number or the time, then one way that is compatible with spreadsheets like Excel is to add all the relevant columns you need (such as sequence number, time, and payload), and export as CSV.

johnthacker gravatar imagejohnthacker ( 2024-05-25 13:07:01 +0000 )edit

then one way that is compatible with spreadsheets like Excel is to add all the relevant columns you need

If somebody hasn't already filed an enhancement-request issue to allow exporting named fields, rather than columns, as a CSV file, so that the "add the relevant columns" field doesn't have to be done in this case, that needs to be done. (This can currently be done with TShark and the -T fields., -e {fieldname}, and -E separator=, options.)

Guy Harris gravatar imageGuy Harris ( 2024-05-25 19:22:53 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2024-05-24 13:50:01 +0000

Seen: 139 times

Last updated: May 24