Problem with tshark and plain text output with column names

What I'm trying to do is use tshark to read a pcap file and give me a human-readable, plain text output file with the correct columns including: absolute date, IP src, IP dst, and Info. Having a first line of the column header names would be nice to have.

The first problem is that I can't figure out what the fields are called. Even though Wireshark has a field called "Info", tshark doesn't think this is a valid name. I also can't get tshark to display any absolute date. I have not found it easy to figure out the -T -E -e options and clearly I am goofing something up.

Here is one run:

C:\Program Files\Wireshark>"c:\Program Files\Wireshark\tshark.exe" -T fields -E occurrence=l -e Info -e _ws.col.AbsTime -e ip.src -e ip.dst -r D:\capturefiles\Daily-capture-2019-11-10_00001_20191110143657.pcap
tshark: Some fields aren't valid: