Tshark -d option to format date doesn't work

Tshark's driving me mad! I want to parse a trace and output as csv with headers and I want the date format in UTC. Instead I always get the long format like "May 20, 2020 17:34:23.241938000 Eastern Daylight Time".

My current attempt is using the following, which according to this post can be done with -t ud, but it doesn't affect the output. For instance:

tshark -r in.pcap -Y frame.number==1 -E header=y  -E separator=',' -t ud -T fields -e frame.time

I also explored the -o gui.column.format option (which is tricky to get working in powershell, but I did). I was able to format the date properly using that method, but I didn't see a way to add comma separators or headers.

My long term goal is to dump TCP parameters so that I can import into Splunk and design charts to understand slow uploads and TCP congestion. Wireshark takes too long to chart and crashes frequently. And a previously mentioned tool like TCP trace is archaic, stating that maybe it'll work on Win2000 :) Splunk integration would also be nice because I could correlate with other log data that is already imported.

Doesn't anybody know why -d option doesn't work?

Thanks -Paul
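The CSV-with-UTC-timestamps goal described in the question, as an added example that is not part of the original post: it assumes tshark is run with -e frame.time_epoch (a real field that emits seconds.nanoseconds since the Unix epoch, independent of the local time zone) and post-processes that -T fields output into ISO 8601 UTC for Splunk ingestion. The sample CSV below is constructed; its first timestamp is the epoch equivalent of the post's "May 20, 2020 17:34:23.241938000 Eastern Daylight Time".

```python
"""Rewrite tshark -T fields CSV so frame timestamps are ISO 8601 UTC."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample of what this command emits (header row, comma separator):
#   tshark -r in.pcap -T fields -E header=y -E separator=, \
#          -e frame.number -e frame.time_epoch -e tcp.srcport -e tcp.window_size
# Frame 1 is 2020-05-20 17:34:23.241938000 EDT, i.e. 21:34:23 UTC.
SAMPLE_TSHARK_CSV = """frame.number,frame.time_epoch,tcp.srcport,tcp.window_size
1,1590010463.241938000,443,65535
2,1590010463.245112000,52144,64240
"""


def epoch_to_utc_iso(epoch_str):
    """Convert tshark's 'seconds.nanoseconds' string to ISO 8601 UTC.

    The fraction is carried as text so nanoseconds survive; datetime alone
    would silently truncate to microseconds.
    """
    secs, _, frac = epoch_str.partition(".")
    frac = (frac + "000000000")[:9]
    base = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    return base.strftime("%Y-%m-%dT%H:%M:%S") + "." + frac + "Z"


def convert_rows(tshark_csv, time_field="frame.time_epoch"):
    """Parse tshark CSV text and replace the epoch column, in place, with
    a frame.time_utc column. Non-TCP frames yield empty tcp.* cells, which
    DictReader passes through unchanged."""
    rows = []
    for row in csv.DictReader(io.StringIO(tshark_csv)):
        converted = {}
        for name, value in row.items():
            if name == time_field:
                converted["frame.time_utc"] = epoch_to_utc_iso(value)
            else:
                converted[name] = value
        rows.append(converted)
    return rows


def to_csv(rows):
    """Serialise converted rows back to CSV with a header, ready for Splunk."""
    if not rows:
        return ""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(convert_rows(SAMPLE_TSHARK_CSV)), end="")
```

If a field can occur more than once per frame, add -E occurrence=f to the tshark command so each cell holds a single value and the CSV stays rectangular.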
