On Mar 14, 2015, at 12:34 PM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
> On 03/14/2015 02:16 PM, Guy Harris wrote:
>>
>> On Mar 14, 2015, at 8:00 AM, Niels de Vos <ndevos@xxxxxxxxxx> wrote:
>>
>>> When I have captures and logs that do not match the timezone, I use the
>>> TZ environment variable to read the captures in the timezone of the
>>> logs, like:
>>>
>>> $ TZ=America/New_York tshark -r /path/to/capture.pcap.gz ....
>>>
>>> or
>>>
>>> $ TZ=America/New_York wireshark /path/to/capture.pcap.gz
>>
>> That would work on systems using the IANA tz database (and using the new tz naming scheme; I'm not sure whether Solaris does), so it'd work on, at minimum, most if not all Linux distributions, *BSD, and OS X.
>>
>> However, it doesn't work on, for example, Windows, which doesn't use the IANA tz database.
>
> (I think) the only thing that doesn't work on Windows is specifying the timezone in that format. At least according to:
>
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629#c4
>
> you can still set the TZ variable on Windows (in a command shell) and Wireshark will use it. Presumably you just need to know the right format.

https://msdn.microsoft.com/en-us/library/90s5c885.aspx

> (Personally I'm more used to doing things like TZ=PDT

$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.8.5
BuildVersion: 12F2501
$ date
Sat Mar 14 12:42:50 PDT 2015
$ TZ=PDT date
Sat Mar 14 19:41:29 UTC 2015

Perhaps you meant "TZ=PST8PDT"? That syntax dates back at least to System III:

http://bitsavers.org/pdf/att/unix/System_III/UNIX_Users_Manual_Release_3_Jun80.pdf

(see the ENVIRON(7) page near the end), but wasn't used in V7 or BSD. POSIX went with an extended version of that syntax:

http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html

but Microsoft's doesn't support all the POSIX capabilities - in particular, the documentation does not claim that you can specify the *transition dates/times for daylight savings time/summer time*, so presumably it assumes the same rules as for your locale, which are likely to be wrong if the time zone setting you want for the capture is for a country other than, if you're in the US or Canada, the US or Canada or, if you're in Europe, another European country.

> than these fancy new-fangled TZ names;

"New-fangled" presumably meaning "prior to 1986", when the tz database was first introduced. The advantage of the Olson/IANA names is that the names don't themselves incorporate the transition rules, the way the POSIX strings do, but do *identify* them, which the old-style UNIX TZ and Microsoft TZ settings don't.
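
Added example, not part of the original thread: a shell check to run before correlating a capture with logs, which renders one capture instant under several candidate TZ settings and flags any setting the C library quietly resolved to a zero offset, as happened with TZ=PDT above. It assumes GNU date (`date -d @EPOCH`); the function names, the sample epoch and the explicit POSIX rule string are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU date ("date -d @EPOCH").

# Constructed sample: the instant shown in the "TZ=PDT date" output above,
# Sat Mar 14 19:41:29 UTC 2015, as seconds since the epoch.
CAPTURE_EPOCH=1426362089

# Print the numeric UTC offset the C library applies for TZ spec $2 at epoch $1.
utc_offset() {
    TZ="$2" date -d "@$1" +%z
}

# Succeed when spec $2 yields a zero offset at epoch $1 without naming UTC/GMT.
# Heuristic: real zero-offset zones are flagged too and need a manual look.
tz_is_suspect() {
    case "$2" in
        UTC|UTC0|GMT|GMT0|Etc/UTC|Etc/GMT) return 1 ;;
    esac
    [ "$(utc_offset "$1" "$2")" = "+0000" ]
}

# Render the capture instant under each candidate TZ setting, one per line.
report() {
    for spec in "$@"; do
        note=ok
        if tz_is_suspect "$CAPTURE_EPOCH" "$spec"; then
            note="CHECK: resolved to UTC"
        fi
        printf '%-26s %s  %s  %s\n' "$spec" \
            "$(TZ="$spec" date -d "@$CAPTURE_EPOCH" '+%Y-%m-%d %H:%M:%S')" \
            "$(utc_offset "$CAPTURE_EPOCH" "$spec")" "$note"
    done
}

# Bare abbreviation, POSIX string with explicit US transition rules,
# and two IANA names (these need the tz database installed).
report PDT 'PST8PDT,M3.2.0,M11.1.0' America/Los_Angeles America/New_York
```

An IANA name flagged here on a host without the tz database installed is the same silent fallback, so the check also catches a missing zoneinfo directory.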