Wireshark · Wireshark-users: Re: [Wireshark-users] Timestamps wrong on merged files

Wireshark-users: Re: [Wireshark-users] Timestamps wrong on merged files

From: "Justin Alcorn" <justin@xxxxxxxxxxx>

Date: Fri, 18 Jul 2008 12:32:43 -0400

Thanks, I found it after asking, and it worked great. Wonderful!

On Fri, Jul 18, 2008 at 11:51 AM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:

Justin Alcorn wrote:
> I have 2 traces from a Wild Packets appliance that I need to merge.
> They merge fine, but the timestamps are off by 6.38 seconds. Turns out
> that the time syncing was broken on one of the appliances. (Not my
> appliances, I had to ask favors to get the packet traces).
>
>
> Is there any utility to go into the one packet trace and push it's
> timestamps forward by 6.38 seconds, so that the merged files are
> readable? An option to mergecap perhaps?

You can use editcap to do this. See the '-t' option at
http://www.wireshark.org/docs/man-pages/editcap.html
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users

--
--
Justin B. Alcorn

References:
- [Wireshark-users] Timestamps wrong on merged files
  - From: Justin Alcorn
- Re: [Wireshark-users] Timestamps wrong on merged files
  - From: Gerald Combs

Prev by Date: Re: [Wireshark-users] Support of GTP v2 and S1AP protocols
Next by Date: [Wireshark-users] Building Dissector into Wireshark
Previous by thread: Re: [Wireshark-users] Timestamps wrong on merged files
Next by thread: [Wireshark-users] Building Dissector into Wireshark
Index(es):
- Date
- Thread