On Tue, Jul 01, 2008 at 05:01:19PM +0800, Ian jonhson wrote:
> I would like to print the captured packet to standard oupout with
> epoch time formation. The command I used is:
>
> tshark -i 1 -n -f "udp port 8080" -t e -T fields -e frame.time -e
> XXXXXX > /tmp/my_tshark_data.$(date +%F-%T)
>
> The parameter "-t e" seems not to take effect.
This is because the -t e option only applies to the normal timestamps
that tshark shows, not to the frame.time field. The time format is
stored in the "recent" settings file. The easiest way to change this
would be to open Wiresdhark and change the time format from the View -
Time Display Format menu if you have access to the GUI. You could also
see if you have a ~/.wireshark/recent file and edit the gui.time_format
setting there.
Steve