Wireshark mailing list archives
Re: Time synchronization for capturing packets
From: Stephen Fisher <steve () stephen-fisher com>
Date: Thu, 25 Aug 2011 13:07:33 -0600
On Thu, Aug 25, 2011 at 11:30:09AM +0200, Bartosz Kiziukiewicz wrote:
I'm using two or more separate Windows machines for capturing traffic in a few network points. The problem is that every machine has a different RTC time (even if the difference is a few seconds). That complicates the correct correlation of traffic dumps.
You can modify timestamps in capture files using the editcap command line utility. In the most recent development versions of Wireshark (http://www.wireshark.org/download/automated/), there is a new feature under the Edit menu called "Time Shift" that has various choices for modifying the timestamps of packets: Shift all packets / Time offset Set (one) packet to time Set packets to time and extrapolate ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Time synchronization for capturing packets Bartosz Kiziukiewicz (Aug 25)
- Re: Time synchronization for capturing packets Graham Bloice (Aug 25)
- Re: Time synchronization for capturing packets Bartosz Kiziukiewicz (Aug 25)
- Re: Time synchronization for capturing packets Graham Bloice (Aug 25)
- Re: Time synchronization for capturing packets Bartosz Kiziukiewicz (Aug 25)
- Re: Time synchronization for capturing packets Stephen Fisher (Aug 25)
- Re: Time synchronization for capturing packets Bartosz Kiziukiewicz (Aug 25)
- Re: Time synchronization for capturing packets Graham Bloice (Aug 25)