Ask Your Question
0

timestamp diameter after decode as

asked 2018-08-01 08:45:24 +0000

Ahmad12345 gravatar image

updated 2018-08-01 09:36:38 +0000

grahamb gravatar image

Hello everyone,

After decoding the diameter trace the time appears in UNIX Epoch format, how can I convert it to HH:MM:SS format.

The command that I use :

tshark -r capture-output.pcap -t ud -d tcp.port==40201,diameter -d tcp.port==40202,diameter -q -z diameter,avp,272,CC-Request-Type,Session-Id,Subscription-Id-Data,Rating-Group,Result-Code,CC-Total-Octets

Result:

frame='76' time='1533111722.164180'

Thanks in advance.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-08-01 10:18:50 +0000

grahamb gravatar image

I think this is likely the output format of the -z diameter,avp option. From the tshark manual:

-z diameter,avp[,cmd.code,field,field,...]
This option enables extraction of most important diameter fields from large capture files. Exactly one text line for each diameter message with matched diameter.cmd.code will be printed.

....

tshark -r file.cap.gz -q -z diameter,avp,272,CC-Request-Type,CC-Request-Number,Session-Id,Subscription-Id-Data,Rating-Group,Result-Code

Following fields will be printed out for each diameter message:

  "frame"        Frame number.
  "time"         Unix time of the frame arrival.
...

So it would seem that the option prints out the Unix time as you have found. You can either post process the output, or attempt to emulate what -z diameter,avp does using -T fields -e ... and appropriate display filters.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-01 08:45:24 +0000

Seen: 43 times

Last updated: Aug 01