This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why is -t option not working in tshark script?

0

I want to create a .txt file that contains frame.time, IP addresses, TCP ports and also the frame length. For the frame time, I want to save it in epoch format, but the -t option didn't work!

tshark -r capture/flows/${nbase}/mainflow/${base}_$id.pcapng -T "text" -t "e" -T fields -E separator="/t" -e "frame.time" -e "ip.src" -e "tcp.srcport" -e "ip.dst" -e "tcp.dstport" -e "frame.len" > capture/flows/${nbase}/filtered/${base}_$id.txt

Here is the output:

Aug  9, 2016 16:58:57.657202000 125.108.4.179   443 10.42.0.16  46253   155
Aug  9, 2016 16:58:57.768886000 10.42.0.16  46253   125.108.4.179   443 155

What's wrong with this option?

asked 04 Sep '16, 00:41

Zahra

edited 04 Sep '16, 01:11

sindy


One Answer:

1

The manual says that the purpose of the -t option is to "set the format of the packet timestamp printed in summary lines." But you use -T and print the frame.time field, so -t does not affect the format. So use -e frame.time_epoch instead of -e frame.time to reach your goal.

answered 04 Sep '16, 01:10

sindy
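
Added example (not part of the original question or answer): once the command prints frame.time_epoch instead of frame.time, the tab-separated output can be parsed directly. This sketch assumes the same six columns in the order of the question's -e list; the epoch values and the third row are constructed sample data, and the function names are hypothetical.

```python
from decimal import Decimal

# Column order follows the -e list in the question, with frame.time_epoch
# taking the place of frame.time (assumption: no other fields are added).
FIELDS = ("time", "src", "sport", "dst", "dport", "length")

# Constructed sample: the two packets from the question with constructed epoch
# timestamps, plus a row whose IP/TCP columns are empty (a non-TCP frame).
SAMPLE = (
    "1470761937.657202000\t125.108.4.179\t443\t10.42.0.16\t46253\t155\n"
    "1470761937.768886000\t10.42.0.16\t46253\t125.108.4.179\t443\t155\n"
    "1470761938.000000000\t\t\t\t\t42\n"
)

def parse_rows(text):
    """Yield one dict per TCP/IP packet; skip rows with missing fields."""
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != len(FIELDS) or not all(cols):
            continue  # empty columns: frame had no ip.* or tcp.* fields
        row = dict(zip(FIELDS, cols))
        row["time"] = Decimal(row["time"])  # Decimal keeps the nanoseconds
        for name in ("sport", "dport", "length"):
            row[name] = int(row[name])
        yield row

def flow_key(row):
    """Direction-independent key so both halves of a connection match."""
    a = (row["src"], row["sport"])
    b = (row["dst"], row["dport"])
    return tuple(sorted((a, b)))

def summarize(text):
    """Return {flow_key: packets, bytes, first and last timestamp}."""
    flows = {}
    for row in parse_rows(text):
        f = flows.setdefault(flow_key(row), {
            "packets": 0, "bytes": 0,
            "first": row["time"], "last": row["time"],
        })
        f["packets"] += 1
        f["bytes"] += row["length"]
        f["first"] = min(f["first"], row["time"])
        f["last"] = max(f["last"], row["time"])
    return flows

if __name__ == "__main__":
    for key, f in summarize(SAMPLE).items():
        print(key, f["packets"], f["bytes"], f["last"] - f["first"])
```

With the original frame.time column, the same script would have to parse a locale-style date string instead of a single numeric field.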