Wireshark-users: Re: [Wireshark-users] adding time and date while using display filters.

From: Oguz Yilmaz <oguzyilmazlist@xxxxxxxxx>
Date: Sat, 6 Mar 2010 21:14:24 +0200
Great.

Thanks Joan.


On Sat, Mar 6, 2010 at 9:04 PM, j.snelders <j.snelders@xxxxxxxxxx> wrote:
> Hi Oguz,
>
> Add -e frame.time:
> $ tshark -i 3 -f "(port 80)" -t dd -n -R "http.request" -T fields -e frame.time
>  -e ip.src -e ip.dst -e http.host -e http.request.uri
> Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet
> Scheduler)
> Mar  6, 2010 19:58:40.041613000 192.168.1.44     209.85.227.99   www.google.co.uk
>       /
> Mar  6, 2010 19:58:40.175683000 192.168.1.44     209.85.227.100  clients1.google.co.uk
>  /generate_204
>
> Best regards
> Joan
>
> On Sat, 6 Mar 2010 20:21:20 +0200 Oguz Yilmaz wrote:
>>
>>For the command line below, how can I add date and time information to
>>the output? What is the display filter for current time and date ?
>>
>>tshark -i eth0 -f "(port 80)" -t ad -n -R "http.request" -T fields -e
>>ip.src -e ip.dst -e http.host -e http.request.uri
>>
>>Current output is:
>>81.81.80.80  91.91.90.90   www.test.com        /index.html
>>
>>Best Regards,
>
>
>
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>