Wireshark mailing list archives

Re: Time synchronization for capturing packets


From: Stephen Fisher <steve () stephen-fisher com>
Date: Thu, 25 Aug 2011 13:07:33 -0600

On Thu, Aug 25, 2011 at 11:30:09AM +0200, Bartosz Kiziukiewicz wrote:

> I'm using two or more separate Windows machines for capturing traffic 
> in a few network points. The problem is that every machine has a 
> different RTC time (even if the difference is a few seconds). That 
> complicates the correct correlation of traffic dumps.

You can modify timestamps in capture files using the editcap command 
line utility.  In the most recent development versions of Wireshark 
(http://www.wireshark.org/download/automated/), there is a new feature 
under the Edit menu called "Time Shift" that has various choices for 
modifying the timestamps of packets:

        Shift all packets / Time offset

        Set (one) packet to time

        Set packets to time and extrapolate
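
An added example, not part of the original message and not Wireshark or editcap code: a minimal Python version of the "Shift all packets / Time offset" operation for classic pcap files, useful for aligning captures from hosts whose clocks disagree by a known amount. The function names, the sample capture and the -2.5 second offset are constructed for illustration, and pcapng files are not handled.

```python
import struct
from decimal import Decimal

# Classic pcap magic (as stored on disk) -> (struct byte order, fraction ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond stamps
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond stamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond stamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond stamps
}

def _records(data):
    """Yield (order, units, header_offset, sec, frac, incl_len) for each packet record."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, units = MAGICS[data[:4]]
    pos = 24  # skip the 24-byte global header
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, pos)
        if pos + 16 + incl_len > len(data):
            raise ValueError("truncated packet data")
        yield order, units, pos, sec, frac, incl_len
        pos += 16 + incl_len

def read_timestamps(data):
    """Return the (seconds, fraction) timestamp of every packet in the capture."""
    return [(sec, frac) for _, _, _, sec, frac, _ in _records(data)]

def shift_pcap(data, offset_seconds):
    """Return a copy of the capture with every timestamp moved by offset_seconds."""
    out = bytearray(data)
    for order, units, pos, sec, frac, _ in _records(data):
        # Integer ticks avoid float rounding when the offset has a fractional part.
        ticks = sec * units + frac + int(Decimal(str(offset_seconds)) * units)
        if not 0 <= ticks < (1 << 32) * units:
            raise ValueError("shifted timestamp does not fit the 32-bit seconds field")
        struct.pack_into(order + "II", out, pos, ticks // units, ticks % units)
    return bytes(out)

def build_sample():
    """Constructed two-packet capture (little-endian, microseconds, Ethernet link type)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = lambda s, us, p: struct.pack("<IIII", s, us, len(p), len(p)) + p
    return hdr + rec(1314299253, 200000, b"\x00" * 14) + rec(1314299254, 900000, b"\x01" * 14)
```

Only the two timestamp fields of each record header are rewritten; packet bytes and lengths are left untouched, so applying the opposite offset restores the original file.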

