| Bug ID |
9747
|
| Summary |
Timestamps not preserved in tshark output file
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.10.5
|
| Hardware |
x86
|
| OS |
Mac OS X 10.8
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
TShark
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 12551 [details]
zip file containing 3 pcaps as described in the bug description
Build Information:
TShark 1.10.5 (SVNRev 54262 from /trunk-1.10)
Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.36.0, with libpcap, with libz 1.2.3, without
POSIX
capabilities, without libnl, with SMI 0.4.8, without c-ares, without ADNS, with
Lua 5.1, without Python, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT
Kerberos, with GeoIP.
Running on Mac OS X 10.8.5, build 12F45 (Darwin 12.5.0), with locale
en_US.UTF-8, with libpcap version 1.1.1, with libz 1.2.5.
Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz
Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
Timestamps are missing from a pcap created with tshark with the -w option.
I'm using tshark to extract specific TCP streams and write that to an output
pcap file using the -w option.
But, the frames in the output pcap do not have any timestamps or delta times
(they're all zero while in the original pcap there are timestamps and delta
times for the frames).
I'm attaching a zip file with 3 pcaps:
* flows-with-timestamps.pcap (original pcap with timestamps)
* tcp-0-wireshark.pcap (flow 0 exported via wireshark, has timestamps)
* tcp-0-tshark.pcap (flow 0 exported via tshark, timestamps missing)
Here's the tshark command that I used:
tshark -r flows-with-timestamps.pcap -2 -R "tcp.stream==0" -w tcp-0-tshark.pcap
You are receiving this mail because:
- You are watching all bug changes.