Ravi Inder Singh
2014-09-01 04:26:38 UTC
When i gave following command on ubuntu
tshark -2 -F pcap -r tcpdump.pcap -R "tcp and ip" -w write.pcap
1) used -F pcap option i want e.pcap in old pcap format.
problem/issue :- When i open write.pcap it has loosed his old time/date
i.e. tcpdump.pcap was having 26 July 2014 with some time 10.12.34 but in
write.pcap it comes to 1970-01-01 with time 00.00.00 .
If i use -w option i will give raw packet but why it is loosing Time from
it.
Is any way to correct this situation with option or anything else.
Thanks,
Ravi
tshark -2 -F pcap -r tcpdump.pcap -R "tcp and ip" -w write.pcap
1) used -F pcap option i want e.pcap in old pcap format.
problem/issue :- When i open write.pcap it has loosed his old time/date
i.e. tcpdump.pcap was having 26 July 2014 with some time 10.12.34 but in
write.pcap it comes to 1970-01-01 with time 00.00.00 .
If i use -w option i will give raw packet but why it is loosing Time from
it.
Is any way to correct this situation with option or anything else.
Thanks,
Ravi