Wireshark-users: Re: [Wireshark-users] Time synchronization for capturing packets
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Aug 2011 13:07:33 -0600
On Thu, Aug 25, 2011 at 11:30:09AM +0200, Bartosz Kiziukiewicz wrote: > I'm using two or more separate Windows machines for capturing traffic > in a few network points. The problem is that every machine has a > different RTC time (even if the difference is a few seconds). That > complicates the correct correlation of traffic dumps. You can modify timestamps in capture files using the editcap command line utility. In the most recent development versions of Wireshark (http://www.wireshark.org/download/automated/), there is a new feature under the Edit menu called "Time Shift" that has various choices for modifying the timestamps of packets: Shift all packets / Time offset Set (one) packet to time Set packets to time and extrapolate
- Follow-Ups:
- Re: [Wireshark-users] Time synchronization for capturing packets
- From: Bartosz Kiziukiewicz
- Re: [Wireshark-users] Time synchronization for capturing packets
- References:
- [Wireshark-users] Time synchronization for capturing packets
- From: Bartosz Kiziukiewicz
- [Wireshark-users] Time synchronization for capturing packets
- Prev by Date: Re: [Wireshark-users] Diameter [Malformed Packet: GTPv2]
- Next by Date: Re: [Wireshark-users] Diameter [Malformed Packet: GTPv2]
- Previous by thread: Re: [Wireshark-users] Time synchronization for capturing packets
- Next by thread: Re: [Wireshark-users] Time synchronization for capturing packets
- Index(es):
