Need to print time in human readable format

Hello! Team,

1. I need to get the time in human readable format with the use of the below command:

tshark -r file.cap.gz -q -z diameter,avp,272,CC-Request-Type,CC-Request-Number,Rating-Group,Result-Code

frame='19857' time='1616436616.267048' src='172.21.198.162' srcport='35102' dst='172.20.56.36' dstport='3868' proto='diameter' msgnr='0' is_request='1' cmd='272' req_frame='19857' ans_frame='0' resp_time='0.000000' CC-Request-Type='1' CC-Request-Number='0' Rating-Group='8'

Currently, it shows the unix timestamp.

2. With the below command, I am not getting the col.Info

TZ=EST5EDT tshark -nr kub2-4.wlk-mtce-1.vzwops.com-20210322181013.pcap.gz -T fields -E separator=',' -e frame.time -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e proto -e diameter.flags.request -e diameter.cmd.code -e diameter.answer_to -e diameter.answer_in -e diameter.resp_time -e diameter.Session-Id -e diameter.CC-Request-Type -e diameter.CC-Request-Number -e diameter.Result-code -e col.Info

Running as user "root" and group "asifa". This could be dangerous.
Mar 22, 2021 14:10:13.953618000,,,,,,,,,,,,,,,
Mar 22, 2021 14:10:13.950131000,172.18.120.6,32770,172.18.120.5,1029,,,,,,,,,,,
Mar 22, 2021 14:10:13.950585000,172.21.198.154,40896,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.950600000,172.21.198.154,40896,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951051000,172.21.198.154,40902,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951062000,172.21.198.154,40902,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951089000,172.21.198.154,44484,172.20.56.6,3009,,,,,,,,,,,
Mar 22, 2021 14:10:13.951102000,172.21.198.154,44484,172.20.56.6,3009,,,,,,,,,,,

[root@pcrf125 vz]# tshark -v
TShark 1.8.10 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.8, with libpcap, with libz 1.2.3, without POSIX capabilities, with SMI 0.4.8, without c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP.

Running on Linux 2.6.32-504.16.2.el6.x86_64, with locale en_US.UTF-8, with libpcap version 1.4.0, with libz 1.2.3.

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-15).

Thanks in advance ..

Regards

Asif
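
An added example (not part of the original post and not Wireshark code): a stdin filter that rewrites the epoch time='...' field of the -z diameter,avp output shown in item 1 into a readable timestamp while leaving resp_time untouched. The function names and the fixed UTC-4 offset standing in for EST5EDT on this capture date are assumptions.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# time='<epoch seconds>[.<fraction>]'; the lookbehind keeps resp_time and
# hyphenated AVP names ending in "time" from matching.
TIME_FIELD = re.compile(r"(?<![\w-])time='(\d+)(?:\.(\d+))?'")
FIELD = re.compile(r"([\w-]+)='([^']*)'")

# Assumption: fixed UTC-4 offset (EDT on 2021-03-22), not a DST-aware zone.
EDT = timezone(timedelta(hours=-4), "EDT")

# Sample input: the diameter,avp output line copied from the post.
SAMPLE = ("frame='19857' time='1616436616.267048' src='172.21.198.162' "
          "srcport='35102' dst='172.20.56.36' dstport='3868' "
          "proto='diameter' msgnr='0' is_request='1' cmd='272' "
          "req_frame='19857' ans_frame='0' resp_time='0.000000' "
          "CC-Request-Type='1' CC-Request-Number='0' Rating-Group='8'")


def humanize_time(line, tz=timezone.utc):
    """Rewrite the epoch time field as 'YYYY-MM-DD HH:MM:SS.frac +zzzz'."""
    def repl(match):
        stamp = datetime.fromtimestamp(int(match.group(1)), tz)
        text = stamp.strftime("%Y-%m-%d %H:%M:%S")
        if match.group(2):
            # Keep the fraction as text so no float rounding is introduced.
            text += "." + match.group(2)
        return "time='%s %s'" % (text, stamp.strftime("%z"))
    return TIME_FIELD.sub(repl, line, count=1)


def parse_fields(line):
    """Split one output line into a dict of key -> value strings."""
    return dict(FIELD.findall(line))


if __name__ == "__main__":
    # Lines without a time field (headers, warnings) pass through unchanged.
    for raw in sys.stdin:
        sys.stdout.write(humanize_time(raw, EDT))
```

Pipe the tshark -z diameter,avp output into the script to get the converted lines on standard output.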
