yichao0319 · October 31, 2013 03:15
diff --git a/tshark:filter field b/tshark:filter field
 http://www.wireshark.org/docs/dfref/i/ip.html
 tshark -r trace.pcap -R "ip.src == 28.222.232.44 && ip.dst == 69.171.224.14" -T fields -E separator=/t -e frame.number -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.options.timestamp.tsval -e http.user_agent
	http://www.wireshark.org/docs/dfref/i/ip.html
	tshark -r trace.pcap -R "ip.src == 28.222.232.44 && ip.dst == 69.171.224.14" -T fields -E separator=/t -e frame.number -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.options.timestamp.tsval -e http.user_agent