On Sat, Mar 14, 2015 at 11:16:07AM -0700, Guy Harris wrote:
>
> On Mar 14, 2015, at 8:00 AM, Niels de Vos <ndevos@xxxxxxxxxx> wrote:
>
> > When I have captures and logs that do not match the timezone, I use the
> > TZ environment variable to read the captures in the timezone of the
> > logs, like:
> >
> > $ TZ=America/New_York tshark -r /path/to/capture.pcap.gz ....
> >
> > or
> >
> > $ TZ=America/New_York wireshark /path/to/capture.pcap.gz
>
> That would work on systems using the IANA tz database (and using the new tz naming scheme; I'm not sure whether Solaris does), so it'd work on, at minimum, most if not all Linux distributions, *BSD, and OS X.
>
> However, it doesn't work on, for example, Windows, which doesn't use the IANA tz database.
>
> (That's why I suggested that we might want to incorporate the tz database in Wireshark.)
Oh, yes indeed. Some people might still run an operating system that
does not support that...
Thanks,
Niels