Wireshark-users: Re: [Wireshark-users] Neet Help Printing Tshark Time Value

From: "Glover, mike" <mglover@xxxxxxxxxxxxxxxx>
Date: Tue, 12 Jan 2010 02:16:33 -0500

I'd love to find a tshark-native answer to this as well -- my understanding from searching the
archives is that it isn't possible using '-T fields', but it might be possible to change the output format preferences.

I ended up just passing my tshark output through an awk script that converted the timestamp for me.

-mike

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of George Roebe
Sent: Tue 1/12/2010 1:18 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Neet Help Printing Tshark Time Value
 

I need some help printing the time using tshark. I have a trace trace01 and I'm running the following command:
tshark -r trace01 -R "wlan.sa == xx:xx:xx:xx:xx:xx" -t e -T text -T fields -e frame.time
I need the time printed to the console from the epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00), and I thought (according to the man page) that that's what the -t e command would do. However, it doesn't seem to work: I get times like
Jan 19, 2009 13:07:54.974012000

Is there any way I can get the epoch times alone printed to the screen or to a file?

Greatly appreciated.
 		 	   		  
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/196390710/direct/01/
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

<<winmail.dat>>