Re: [Wireshark-dev] tshark: access to tcp raw seq number

2017-03-30 Thread Chema Gonzalez
Hi, On Thu, Mar 30, 2017 at 12:23 AM, Pascal Quantin <pascal.quan...@gmail.com> wrote: > Hi Chema, > > 2017-03-30 1:32 GMT+02:00 Chema Gonzalez <ch...@google.com>: >> >> Hi, >> >> I'm using tshark to extract some fields from packet traces. Usin

Re: [Wireshark-dev] tshark: access to tcp raw seq number

2017-03-30 Thread Chema Gonzalez
s user 3m1.468s sys 0m3.396s $ python -c "print (184-156) / 156." 0.179487179487 -Chema On Thu, Mar 30, 2017 at 10:16 AM, Chema Gonzalez <ch...@google.com> wrote: > On Thu, Mar 30, 2017 at 10:03 AM, Peter Wu <pe...@lekensteyn.nl> wrote: >> On Thu, Mar 30, 2017 at 0

Re: [Wireshark-dev] tshark: access to tcp raw seq number

2017-03-30 Thread Chema Gonzalez
On Thu, Mar 30, 2017 at 9:15 AM, Peter Wu wrote: >> My goal was getting both at the same time. Unless I'm mistaken, I can >> only get either the relative or the absolute seq number. > > If you can parse the PDML (XML) output (tshark -Tpdml), the data is > already there: > >

Re: [Wireshark-dev] tshark: access to tcp raw seq number

2017-03-30 Thread Chema Gonzalez
On Thu, Mar 30, 2017 at 10:03 AM, Peter Wu <pe...@lekensteyn.nl> wrote: > On Thu, Mar 30, 2017 at 09:40:13AM -0700, Chema Gonzalez wrote: > [..] >> > Alternatively, you could use a Lua post-dissector to parse out the >> > buffer that backs the field ("seq.

[Wireshark-dev] tshark: access to tcp raw seq number

2017-03-29 Thread Chema Gonzalez
Hi, I'm using tshark to extract some fields from packet traces. Using `-e tcp.seq`, tshark prints the relative sequence number. I'd like to print the raw (absolute) at the same time. I don't think this is possible right now (but please let me know if that's the case). A quick check at the code