Menu
I am working on a parsing script for a bunch of regular small pcap files created with tshark.
What I need is to extract the precise (down to milliseconds) timestamp of the first packet in the capture and the last one. I tried "capinfos myfile" but that has a precision down to seconds and for captures lasting less than one second that's not very helpful.
Does anyone know how I can grab that info?
576
Run capinfos -c to display the number of packets:
$ capinfos -c lmt_04.pcap
File name: lmt_04.pcap
Number of packets: 1645
Run TShark -T fields to print the frame.time of the first and the last packet:
$ tshark -r lmt_04.pcap -R "frame.number==1 || frame.number==1645" -T fields -e frame.time
Aug 28, 2009 21:29:24.491572000
Aug 28, 2009 21:30:36.747868000
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
