Hi Chema,
2017-03-30 1:32 GMT+02:00 Chema Gonzalez <[email protected]>:
> Hi,
>
> I'm using tshark to extract some fields from packet traces. Using `-e
> tcp.seq`, tshark prints the relative sequence number. I'd like to
> print the raw (absolute) at the same time. I don't think this is
> possible right now (but please let me know if that's the case).
>
> A quick check at the code suggests I need to set tcp_relative_seq to
> FALSE to have absolute tcp seq numbers. I can't see how to set this
> value using the tshark CLI.
>
Simply add the following to your command line:
    -o "tcp.relative_sequence_numbers: false"
so your command becomes:
    tshark -r test.pcapng -T fields -e tcp.seq -o "tcp.relative_sequence_numbers: false"
>
> Final question: Any hints on what's the best way to add a "tcp.rawseq"
> ("tcp.seqraw"?) option?
>
Given that there is already an option for this, is it really required?
>
> Thanks,
> -Chema
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
>
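One way to print the raw and the relative sequence number side by side, as an added example that is not part of the original thread: export absolute values with the option above and derive the relative value per flow direction in a script. The field list, the sample rows and the base-sequence rule (the ISN when the first segment seen is a SYN, otherwise first seen sequence minus one) are assumptions of this example, not taken from Wireshark's code.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed sample rows, tab-separated as `tshark -T fields` prints them for
#   -Y tcp -e tcp.stream -e ip.src -e tcp.srcport -e tcp.flags.syn -e tcp.seq
#   -o "tcp.relative_sequence_numbers: false"
SAMPLE = (
    "0\t10.0.0.1\t40000\t1\t4294967290\n"   # client SYN, ISN just below the wrap
    "0\t10.0.0.2\t443\t1\t1000\n"           # server SYN/ACK
    "0\t10.0.0.1\t40000\t0\t4294967291\n"   # first client data segment
    "0\t10.0.0.1\t40000\t0\t5\n"            # client sequence after wrapping
    "1\t10.0.0.3\t50000\t0\t7000\n"         # stream captured mid-connection
    "1\t10.0.0.3\t50000\t0\t7100\n"
)


def add_relative_seq(lines):
    """Return (stream, src, sport, raw_seq, relative_seq) for each row."""
    base = {}  # (stream, src, sport) -> base sequence for that direction
    rows = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5 or not fields[4]:
            continue  # skip blank lines and rows without a TCP sequence
        stream, src, sport, syn, seq = fields
        raw = int(seq)
        key = (stream, src, sport)
        if key not in base:
            # Boolean fields print as 1/0 or True/False depending on version.
            is_syn = syn in ("1", "True")
            # Assumption: without a SYN the first segment gets relative seq 1.
            base[key] = raw if is_syn else (raw - 1) % MOD
        # Modular subtraction keeps the result correct across a 2**32 wrap.
        rows.append((int(stream), src, int(sport), raw, (raw - base[key]) % MOD))
    return rows


if __name__ == "__main__":
    for stream, src, sport, raw, rel in add_relative_seq(SAMPLE.splitlines()):
        print(f"stream={stream} {src}:{sport} raw={raw} rel={rel}")
```

For a real capture, feed the script the output of the tshark command instead of `SAMPLE`.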