http.time using tshark [closed]

Hi,

http.time is calculated by Wireshark.

Can tshark calculate http.time? I mean a command like "tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt" I need to use tshark and calculate http.time using tshark.

Best regards, Babak

updated 2018-11-29 03:22:15 +0000

This post is a wiki. Anyone with karma >750 is welcome to improve it.

edit flag offensive 0 remove flag reopen merge delete

Closed for the following reason "the question is answered, right answer was accepted" by Babak 2018-11-30 15:41:10 +0000

An example of a command to use to calculate http.time with TShark is

tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt

:-)

(It's calculated by the HTTP dissector in libwireshark, which is used both by Wireshark and TShark to dissect packets.)

19.9k

Guy Harris

answered 2018-11-29 06:55:59 +0000, updated 2018-11-29 06:56:35 +0000

edit flag offensive 0 remove flag delete link

Comments

It does not work.

Babak (2018-11-29 13:32:22 +0000) edit

tshark -r test.pcap -T fields -e http.time > test.pcap.tshark.txt

This command works in Windows, but it does not work in Linux. Why? Do you have any idea?

Babak (2018-11-29 16:13:08 +0000) edit

I updated my tshark in Linux to 2.2.5 and it is fine. I do not have any problem for calculating http.time in Linux.

Babak (2018-11-30 15:40:36 +0000) edit

add a comment see more comments

http.time using tshark [closed] edit

Comments

1 Answer

Comments

http.time using tshark [closed]