Re: Capture start time

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi,

Maybe file creation time can help you here.
What does pcap-ng has to offer in this respect?

Thanks,
Jaap

Send from my iPhone

On 23 mrt 2010, at 19:11, Guy Harris <guy () alum mit edu> wrote:

> On Mar 23, 2010, at 10:30 AM, specop () gmx ch wrote:
>
> > As far as I understood it, Wireshark sets the capture start time to  
> > the moment the first packet arrives, right? So if I start the  
> > capture at time t and the first packet arrives at t+5s, the  
> > capture's start time will be initialized at t+5 (time 0.000s).  
> > Correct?
>
> I'm not sure Wireshark reports any notion of a capture start time.   
> If you display packet time stamps as "seconds since first packet",  
> then, obviously, the first packet will have a time stamp of 0 seconds.
>
> > Is there a way to determine the real capture start time (not the  
> > arrival of the first packet)? E.g. from a pcap file.
>
> It's definitely *not* possible with a pcap file, as a pcap file  
> doesn't store the time a capture started - it only stores the time  
> stamps of packets in the file.
> ___________________________________________________________________________
 

> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org 
> >
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe