Wireshark · Wireshark-users: Re: [Wireshark-users] Capturing and merging files from different machines

Wireshark-users: Re: [Wireshark-users] Capturing and merging files from different machines

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Wed, 18 Jun 2008 17:44:22 -0400



Chris Swinney wrote:

I may have miss read the merged file. I'm not sure if the merged file is totally correct as I seem to be getting responses before requests, but they DO appear to be in chronological order. I'm not sure at which point the time stamp is applied to the packet and if the sniffing PC's have any effect on this - I think not. I assume that the time stamp is applied to the header by whatever device sent the packet, not by a device listening.

The timestamps are put in by the capturing device (though where in thestack this happens varies by OS)--so having the 2 systems NTP sync'dwould certainly help.

References:
- [Wireshark-users] Capturing and merging files from different machines
  - From: Chris Swinney
- Re: [Wireshark-users] Capturing and merging files from different machines
  - From: Jeff Morriss
- Re: [Wireshark-users] Capturing and merging files from different machines
  - From: Chris Swinney

Prev by Date: Re: [Wireshark-users] Accessing Capture interface details?
Next by Date: Re: [Wireshark-users] Capturing and merging files from different machines
Previous by thread: Re: [Wireshark-users] Capturing and merging files from different machines
Next by thread: Re: [Wireshark-users] Capturing and merging files from different machines
Index(es):
- Date
- Thread