From my test.cap file I need to extract the "timestamp of packet arrival" and "capture length" field What field parameter need to be given to tshark for extracting and saving as .txt or .csv asked 18 Nov '15, 04:34  hawa |
One Answer:
'frame.time' and 'frame.cap_len' are your candidates (don't be surprised by frame.time's verbosity, maybe you'd prefer 'frame.time_epoch'). Hint: use the "graphic" Wireshark, choose a packet, and go to the dissection window. When you click on a line in expanded view, you'll see the matching protocol field name, if it exists, in the bottommost status line of the window. So the parameters to tshark will be answered 18 Nov '15, 04:44  sindy edited 18 Nov '15, 04:46 |
thanks. it did the trick
OK. Although it may seem weird, the "thumb up" icon is raising my karma (thank you), but the checkmark icon marks the answer as useful for the others (questions with accepted answers are marked with different colour in the list). While anyone can press "thumbs up", only the one who asked the question can mark the answer as accepted. Please take one more click.