On 12/27/2012 7:15 AM, yuva raj wrote:
hi,
I am using tethereal. I captured few packets, in which 10th packet is
tcp with timestamp 1.2436.
I set a filter for tcp and saved the filtered packets to another file.
The resultant file the tcp packet as first packet and timestamp as 0.0000
Can someone tell me how to save the filtered packets and keep the
timestamp intact. I want to get the timestamp 1.2436, as it is in my
resultant file.
I tried the options in tethereal '-t a' and '-t r', but both resulted
the same, i.e. timestamp 0.0000
Thanks in advance.
uv.
tethereal is absolutely ancient. to answer your question, at a start I'd
have to dig up the old man page to see what capabilities were available.
If you can, I suggest you install a current version of Wireshark (which
includes tshark which is the renamed version of tethereal) and try again.
I would certainly expect that tshark should handle the timestamps as you
desire.