On Mar 14, 2015, at 8:00 AM, Niels de Vos <ndevos@xxxxxxxxxx> wrote:
> When I have captures and logs that do not match the timezone, I use the
> TZ environment variable to read the captures in the timezone of the
> logs, like:
>
> $ TZ=America/New_York tshark -r /path/to/capture.pcap.gz ....
>
> or
>
> $ TZ=America/New_York wireshark /path/to/capture.pcap.gz

That would work on systems using the IANA tz database (and using the new tz naming scheme; I'm not sure whether Solaris does), so it'd work on, at minimum, most if not all Linux distributions, *BSD, and OS X.

However, it doesn't work on, for example, Windows, which doesn't use the IANA tz database.

(That's why I suggested that we might want to incorporate the tz database in Wireshark.)