Hi, To get some traffic statistics on multiple capture files in a folder, I am using a batch file running a simple tshark command e.g. "tshark -z io,stat,1,ip.addr==1.2.3.4" on each file one after the other, resulting in a large csv file containing the results. Unluckily, the statistics generated by this command use Relative Time i.e. timestamps start at zero for each new file. I was wondering why the output time format using tshark –z io,stat cannot be changed from relative to absolute, eg. using “–t ad”. I found on the mailing list a patch for tap-iostat.c which seem to allow such behaviour. http://www.wireshark.org/lists/wireshark-dev/200608/msg00213.html So maybe this question is for devs/advisors, could it be integrated into an upcoming release? Thanks! asked 16 Apr '12, 09:50  yul_analyzer |
One Answer:
I opened bug 7207 to ensure that patch doesn't get lost again. You might want to subscribe yourself to that bug to track its progress. answered 27 Apr '12, 07:27  JeffMorriss ♦ |
Patch has been applied on trunk and 1.8.0 is now including the corresponding revision, thx!