Hi,
Could you please advise how to display absolute time in tshark output. Now I'm trying to add "-e _ws.col.AbsTime" but nothing is displaying in this field.
Full command looks like:
tshark -r /var/lib/tshark/dump/traffic_dump.pcap -Y "(fix.MsgType ~ D or fix.MsgType ~ F or fix.MsgType ~ G) and not tcp.analysis.retransmission" -T fields -E header=y -e frame.time -e frame.time_epoch -e fix.MsgType -e fix.ClOrdID -e fix.SenderCompID -e fix.ExecType -e fix.TargetCompID -e _ws.col.AbsTime
Tshark version: TShark (Wireshark) 2.6.3 (v2.6.3)
Thanks in advance!
