Wireshark · Wireshark-users: Re: [Wireshark-users] Timestamps wrong on merged files

Wireshark-users: Re: [Wireshark-users] Timestamps wrong on merged files

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Fri, 18 Jul 2008 08:51:32 -0700

Justin Alcorn wrote:
> I have 2 traces from a Wild Packets appliance that I need to merge. 
> They merge fine, but the timestamps are off by 6.38 seconds.  Turns out
> that the time syncing was broken on one of the appliances.  (Not my
> appliances, I had to ask favors to get the packet traces).
> 
> 
> Is there any utility to go into the one packet trace and push it's
> timestamps forward by 6.38 seconds, so that the merged files are
> readable?  An option to mergecap perhaps?

You can use editcap to do this. See the '-t' option at
http://www.wireshark.org/docs/man-pages/editcap.html

Follow-Ups:
- Re: [Wireshark-users] Timestamps wrong on merged files
  - From: Justin Alcorn

References:
- [Wireshark-users] Timestamps wrong on merged files
  - From: Justin Alcorn

Prev by Date: [Wireshark-users] Timestamps wrong on merged files
Next by Date: Re: [Wireshark-users] Support of GTP v2 and S1AP protocols
Previous by thread: [Wireshark-users] Timestamps wrong on merged files
Next by thread: Re: [Wireshark-users] Timestamps wrong on merged files
Index(es):
- Date
- Thread