Wireshark-users: Re: [Wireshark-users] Timestamps for conversations

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 05 May 2010 11:36:17 +0200
Hi,

In fact I got a similar request for the VoIP calls dialog, and committed it
partially (rev 32099). I guess we should create an application-wide time
format preference and implement this in the various displays. Not a trivial
task, I assume.

Thanks,
Jaap

On Wed, 5 May 2010 08:56:20 +0200, Sake Blok <sake@xxxxxxxxxx> wrote:
> On 5 May 2010, at 08:35, Jan Meier wrote:
> 
>> Is there any known way to get time and date displayed in the Statistics
>> -> "Conversations" -> tcp-table ? Or any other way to get the starts
>> (end would be a bonus) of tcp conversations computed ?
>> 
>> Of course one can calculate with the relative beginning shown in the
>> table and add that to the first packet's timestamp in the capture file.
>> 
>> I also tried a couple of other tools like tshark, ngrep etc - but a
>> conversations view of tcp connections with date/time (not relative)
>> timestamps doesn't seem to be a usual use case.
>> 
>> Any help or advice is appreciated.
> 
> How about :
> 
> tshark -r <file> -T fields -e frame.time -e tcp.stream -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport "tcp.flags.syn==1 && tcp.flags.ack==0"
> 
> It does not give you the end as a bonus, for that you might want to
> write a little shell/perl/... script
> 
> Cheers,
> Sake