http.time using tshark [closed]

asked Nov 29 '18

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi,

http.time is calculated by Wireshark.

Can tshark calculate http.time? I mean a command like "tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt" I need to use tshark and calculate http.time using tshark.

Best regards, Babak

Closed for the following reason the question is answered, right answer was accepted by Babak
close date 2018-11-30 15:41:10.968631

answered Nov 29 '18

Guy Harris
19905 ●3 ●667 ●207

updated Nov 29 '18

An example of a command to use to calculate http.time with TShark is

tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt

:-)

(It's calculated by the HTTP dissector in libwireshark, which is used both by Wireshark and TShark to dissect packets.)

link

Comments

It does not work.

Babak ( Nov 29 '18 )

tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt

This command works in Windows, but it does not work in Linux. Why? Do you have any idea?

Babak ( Nov 29 '18 )

I updated my tshark in Linux to 2.2.5 and it is fine. I do not have any problem for calculating http.time in Linux.

Babak ( Nov 30 '18 )

add a comment

http.time using tshark [closed]

Closed for the following reason the question is answered, right answer was accepted by Babak
close date 2018-11-30 15:41:10.968631

1 Answer

Comments

Question Tools

Stats

Related questions

http.time using tshark [closed] savecancel

Closed for the following reason the question is answered, right answer was accepted by Babak close date 2018-11-30 15:41:10.968631

1 Answer

Comments

Question Tools

Stats

Related questions

http.time using tshark [closed]

Closed for the following reason the question is answered, right answer was accepted by Babak
close date 2018-11-30 15:41:10.968631