To get some traffic statistics on multiple capture files in a folder, I am using a batch file running a simple tshark command e.g. "tshark -z io,stat,1,ip.addr==18.104.22.168" on each file one after the other, resulting in a large csv file containing the results.
Unluckily, the statistics generated by this command use Relative Time i.e. timestamps start at zero for each new file.
I was wondering why the output time format using tshark -z io,stat cannot be changed from relative to absolute, e.g. using "-t ad". I found on the mailing list a patch for tap-iostat.c which seems to allow such behaviour. http://www.wireshark.org/lists/wireshark-dev/200608/msg00213.html
So maybe this question is for devs/advisors, could it be integrated into an upcoming release? Thanks!
asked 16 Apr '12, 09:50
I opened bug 7207 to ensure that patch doesn't get lost again. You might want to subscribe yourself to that bug to track its progress.
answered 27 Apr '12, 07:27