i need verify packets flowing between 2 phones , have collected tcpdump use of command:- tcpdump -s 65535 -w filename.pcap
then have converted file in text file command:- tshark -v -r packettb.pcap > asd.txt
but in text file don't see time stamp available, there command in unix can time stamp also, there way in tshark command can time stamp
as per prabhu's answer, unless there's horribly wrong version of tshark you're using, there should line saying like
arrival time: may 19, 1999 17:48:39.708517000 pdt in output of tshark; that's time stamp.
you can time stamp tcpdump.
if there fields of packet want, try -t fields option of tshark, using -e flag specify names of fields want. example, frame.time timestamp field.
Comments
Post a Comment