Wireshark · Wireshark-users: Re: [Wireshark-users] Time synchronization for capturing packets

Wireshark-users: Re: [Wireshark-users] Time synchronization for capturing packets

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Thu, 25 Aug 2011 13:07:33 -0600

On Thu, Aug 25, 2011 at 11:30:09AM +0200, Bartosz Kiziukiewicz wrote:

> I'm using two or more separate Windows machines for capturing traffic 
> in a few network points. The problem is that every machine has a 
> different RTC time (even if the difference is a few seconds). That 
> complicates the correct correlation of traffic dumps.

You can modify timestamps in capture files using the editcap command 
line utility.  In the most recent development versions of Wireshark 
(http://www.wireshark.org/download/automated/), there is a new feature 
under the Edit menu called "Time Shift" that has various choices for 
modifying the timestamps of packets:

	Shift all packets / Time offset

	Set (one) packet to time

	Set packets to time and extrapolate

Follow-Ups:
- Re: [Wireshark-users] Time synchronization for capturing packets
  - From: Bartosz Kiziukiewicz

References:
- [Wireshark-users] Time synchronization for capturing packets
  - From: Bartosz Kiziukiewicz

Prev by Date: Re: [Wireshark-users] Diameter [Malformed Packet: GTPv2]
Next by Date: Re: [Wireshark-users] Diameter [Malformed Packet: GTPv2]
Previous by thread: Re: [Wireshark-users] Time synchronization for capturing packets
Next by thread: Re: [Wireshark-users] Time synchronization for capturing packets
Index(es):
- Date
- Thread