[Pascal Quantin <pascal.quantin@xxxxxxxxx>]

Hi Chema,

2017-03-30 1:32 GMT+02:00 Chema Gonzalez <chema@xxxxxxxxxx>:

Hi,

I'm using tshark to extract some fields from packet traces. Using `-e
tcp.seq`, tshark prints the relative sequence number. I'd like to
print the raw (absolute) at the same time. I don't think this is
possible right now (but please let me know if that's the case).

A quick check at the code suggests I need to set tcp_relative_seq to
FALSE to have absolute tcp seq numbers. I can't see how to set this
value using the tshark CLI.

simply add the following to your command line:
-o "tcp.relative_sequence_numbers: false"

so your command becomes:

tshark -r test.pcapng -T fields -e tcp.seq -o "tcp.relative_sequence_numbers: false"

 

Final question: Any hints on what's the best way to add a "tcp.rawseq"
("tcp.seqraw"?) option?

Given that there is already an option for this, is it really required ?
 

Thanks,
-Chema
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe