Ethereal-users: Re: [Ethereal-users] Anybody know how to use editcap to modify the timestamps of

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 6 Apr 2006 08:06:58 +0200
Yes, I do, by RTFM ;)

blok@for-gods-sake ~
$ tethereal -ta -r tmp.cap
  1 00:21:52.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
  2 00:21:52.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
  3 00:21:52.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
  4 00:21:52.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
  5 00:21:52.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
  6 00:21:52.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
  7 00:21:52.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
  8 00:21:52.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
  9 00:21:52.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128

blok@for-gods-sake ~
$ editcap -t 10 tmp.cap tmp2.cap

blok@for-gods-sake ~
$ tethereal -ta -r tmp2.cap
  1 00:22:02.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
  2 00:22:02.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
  3 00:22:02.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
  4 00:22:02.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
  5 00:22:02.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
  6 00:22:02.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
  7 00:22:02.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
  8 00:22:02.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
  9 00:22:02.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128

blok@for-gods-sake ~
$

As you can see, "editcap -t 10 tmp.cap tmp2.cap" increased all timestamps
by 10 seconds.


Hope this helps,
Cheers,
Sake
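
The same kind of shift applied directly to the record headers of a classic pcap file, as an added example that is not part of the original message and is not editcap's own code. It goes beyond the +10 second case shown above by also handling negative and fractional offsets and nanosecond-resolution files; the function names and the two-packet sample capture are constructed for illustration, and pcapng is not handled.

```python
import struct
from decimal import Decimal

# First 4 bytes of a classic pcap file -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),  # microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),  # nanoseconds
}

def records(data):
    """Yield (byte order, ticks/sec, header offset, sec, frac, captured length) per packet."""
    if data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, res = MAGICS[data[:4]]
    pos = 24                                   # skip the 24-byte global header
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, incl, _orig = struct.unpack_from(order + "IIII", data, pos)
        if pos + 16 + incl > len(data):
            raise ValueError("truncated packet data")
        yield order, res, pos, sec, frac, incl
        pos += 16 + incl

def shift_timestamps(data, offset):
    """Return a copy of the capture with every packet time moved by `offset` seconds."""
    out = bytearray(data)                      # packet bytes and lengths stay untouched
    for order, res, pos, sec, frac, _incl in records(data):
        # Work in integer ticks so fractional offsets borrow/carry without float error.
        total = sec * res + frac + int(Decimal(str(offset)) * res)
        if not 0 <= total < (1 << 32) * res:
            raise ValueError("shifted time does not fit the 32-bit seconds field")
        struct.pack_into(order + "II", out, pos, total // res, total % res)
    return bytes(out)

def timestamps(data):
    """List the (seconds, fraction) pair of every packet in the capture."""
    return [(sec, frac) for _o, _r, _p, sec, frac, _i in records(data)]

def sample_capture():
    """Constructed two-packet capture; the seconds value and payloads are made up."""
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for sec, usec, payload in [(1000, 341298, b"\x00" * 60), (1000, 378721, b"\x00" * 54)]:
        cap += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return cap

if __name__ == "__main__":
    print(timestamps(shift_timestamps(sample_capture(), 10)))
```

Write the result to a new file and keep the original capture unmodified, as the editcap invocation above does with tmp2.cap.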