Re: getting absolute time of packet

[Bill Meier <wmeier () newsguy com>]

On 12/27/2012 7:15 AM, yuva raj wrote:
> hi,
>
> I am using tethereal.  I captured few packets, in which 10th packet is
> tcp with timestamp 1.2436.
>
> I set a filter for tcp and saved the filtered packets to another file.
>   The resultant file the tcp packet as first packet and timestamp as 0.0000
>
> Can someone tell me how to save the filtered packets and keep the
> timestamp intact.  I want to get the timestamp 1.2436, as it is in my
> resultant file.
>
> I tried the options in tethereal '-t a' and '-t r', but both resulted
> the same, i.e. timestamp 0.0000
>
> Thanks in advance.
> uv.


tethereal is absolutely ancient. to answer your question, at a start I'd 
have to dig up the old man page to see what capabilities were available.

If you can, I suggest you install a current version of Wireshark (which 
includes tshark which is the renamed version of tethereal) and try again.


I would certainly expect that tshark should handle the timestamps as you 
desire.



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe