Wireshark-users: Re: [Wireshark-users] How to change the time offset (timezone) for packet captur

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "sandeep nitta" <sandeep.nitta@xxxxxxxxx>
Date: Thu, 18 Dec 2008 10:52:57 +0530
As far as i know, you cannot change the way timestamps are being written into the packets by wireshark, since it always takes into account the system time.

since you already have a reference log  and also know the timezone for the packet which you have to compare against, you should be better off modifying the packet timestamps matching to that timezone.

say, your computer time is in IST which is GMT+5:30 and the packet trace which you want to compare against is in GMT, then you can use editcap to decrease the timestamps of all the packets in your trace by 5 hr 30 minutes.

Hope this helps,
Sandeep Nitta




On Thu, Dec 18, 2008 at 10:37 AM, Boaz Galil <boaz20@xxxxxxxxx> wrote:

 

Dear experts,

Is it possible to change the time offset (time zone) for packet capture? My main problem is that I have to analyze packet capture from different time zone and to use some kind of 3rd application log as a reference. The 3rd application reference is using the real time of the packet arrival (the original time) and wire shark by default use the time reference of the computer time setting that the application is being used.


Thanks in advance,
Boaz.
--
Boaz.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe