When i gave following command on ubuntu tshark -2 -F pcap -r tcpdump.pcap -R "tcp and ip" -w write.pcap
1) used -F pcap option i want e.pcap in old pcap format. problem/issue :- When i open write.pcap it has loosed his old time/date i.e. tcpdump.pcap in its Time column is having 26 July 2014 with some time 10.12.34 , but in write.pcap it comes to 1970-01-01 with time 00.00.00 in Time column. If i use -w option i will give raw packet but why it is loosing Time from it. i.e. i want my Time to be intact rather that going to default time. Is any way to correct this situation with option or anything else. Thanks, Ravi
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
