I know that with the -z io,stat,0.01 you can specify seconds as intervals, but what I want to do is list conv,ip every 1 ~ 10 milliseconds. tshark -q -r Test.pcapng -z conv,ip will give me all conversations but that's for a 34MByte file. I would hate to have to use editcap to break this 34MB file up into oodles of 1 ~ 10msec files and then run this command on all the oodles of files, but I find no way to specify start and stop time using tshark! Any recommendations? How about modifying/adding a new variable to the conv,ip command to like below: tshark -q -r Test.pcapng -z conv,ip,0.010 (dump conv,ip every 10 msecs) tshark -q -r Test.pcapng -z conv,ip,0.001 (dump conv,ip every msec) Cheers, asked 13 Mar '17, 23:24  wbenton |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
