On Mar 4, 2015, at 9:08 AM, "Noel, Andre (6024395)" <andre.noel@xxxxxxx> wrote:
> One of my colleague have run into situations with Wireshark where it captures incorrect system time? Like 1970 for the year???
> He loaded the airpcap feature on is home pc to capture wifi packets from his laptop as part of the HP / INTEL trouble we have open. Commview captured time 11 minutes out, but Wireshark defaults back to 1970-01-01 for some reason…
>
> I don’t see why he is have this issue.
>
> He’s tried Wireshark V. 1.12.3 and backed down to V. 1.10.12. Both exhibit the same issue where date defaults to 1970-01-01 or 1969-12-31. He has reset time zone, date and time on the workstation. The workstation is also set to update time via NTP
Has he tried WinDump:
http://www.winpcap.org/windump/default.htm
If that also gives the same problem, as I suspect it will, this is probably either a problem with the AirPcap library or, if the time stamps come from the AirPcap hardware rather than the OS's kernel-level time stamp calls, with the AirPcap hardware; I suggest you contact Riverbed about this.