Wireshark mailing list archives
Re: Set capture to TZ blah?
From: Michal Labedzki <michal.labedzki () tieto com>
Date: Mon, 16 Mar 2015 08:20:58 +0100
I know this issue. I use "View -> Timeshift -> Shift all packet (+8:00:00)", which adds 8 hours to all packets' timestamps. Of course you must know what the time difference between the logs is, but to this day it works for me.

Is TZ (and DST) saved in pcapng? I think it should. Like machine endianness.

On 14 March 2015 at 21:07, Guy Harris <guy () alum mit edu> wrote:
> On Mar 14, 2015, at 12:34 PM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>
>> On 03/14/2015 02:16 PM, Guy Harris wrote:
>>
>>> On Mar 14, 2015, at 8:00 AM, Niels de Vos <ndevos () redhat com> wrote:
>>>
>>>> When I have captures and logs that do not match the timezone, I use the TZ environment variable to read the captures in the timezone of the logs, like:
>>>>
>>>>   $ TZ=America/New_York tshark -r /path/to/capture.pcap.gz ....
>>>> or
>>>>   $ TZ=America/New_York wireshark /path/to/capture.pcap.gz
>>>
>>> That would work on systems using the IANA tz database (and using the new tz naming scheme; I'm not sure whether Solaris does), so it'd work on, at minimum, most if not all Linux distributions, *BSD, and OS X. However, it doesn't work on, for example, Windows, which doesn't use the IANA tz database.
>>
>> (I think) the only thing that doesn't work on Windows is specifying the timezone in that format. At least according to:
>>
>> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629#c4
>>
>> you can still set the TZ variable on Windows (in a command shell) and Wireshark will use it. Presumably you just need to know the right format.
>
> https://msdn.microsoft.com/en-us/library/90s5c885.aspx
>
>> (Personally I'm more used to doing things like TZ=PDT
>
>   $ sw_vers
>   ProductName: Mac OS X
>   ProductVersion: 10.8.5
>   BuildVersion: 12F2501
>   $ date
>   Sat Mar 14 12:42:50 PDT 2015
>   $ TZ=PDT date
>   Sat Mar 14 19:41:29 UTC 2015
>
> Perhaps you meant "TZ=PST8PDT"? That syntax dates back at least to System III:
>
> http://bitsavers.org/pdf/att/unix/System_III/UNIX_Users_Manual_Release_3_Jun80.pdf
>
> (see the ENVIRON(7) page near the end), but wasn't used in V7 or BSD.
>
> POSIX went with an extended version of that syntax:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html
>
> but Microsoft's doesn't support all the POSIX capabilities - in particular, the documentation does not claim that you can specify the *transition dates/times for daylight savings time/summer time*, so presumably it assumes the same rules as for your locale, which are likely to be wrong if the time zone setting you want for the capture is for a country other than, if you're in the US or Canada, the US or Canada or, if you're in Europe, another European country.
>
>> than these fancy new-fangled TZ names;
>
> "New-fangled" presumably meaning "prior to 1986", when the tz database was first introduced.
>
> The advantage of the Olson/IANA names is that the names don't themselves incorporate the transition rules, the way the POSIX strings do, but do *identify* them, which the old-style UNIX TZ and Microsoft TZ settings don't.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

--
Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation
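
Added example, not part of the original message or of Wireshark: a POSIX shell sketch of the two pitfalls discussed in this thread, a TZ value that is silently read as UTC (`TZ=PDT`) and a manual time shift whose size depends on each zone's DST transition rules. The function names, the TZ strings with explicit rules, and the sample epoch (constructed from the `date` output quoted above) are assumptions of this example, as is a `date` that accepts `-d @EPOCH` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes date(1) accepts "-d @EPOCH".

# Constructed sample instant: 2015-03-14 19:42:50 UTC, i.e. the
# "Sat Mar 14 12:42:50 PDT 2015" shown in the quoted `date` output.
SAMPLE_EPOCH=1426362170

# POSIX TZ strings with explicit DST transition rules, so the result does
# not depend on the tz database or on the C library's default rules.
US_PACIFIC='PST8PDT,M3.2.0,M11.1.0'
CENTRAL_EU='CET-1CEST,M3.5.0,M10.5.0/3'

# render EPOCH TZ -> "YYYY-MM-DD HH:MM:SS +hhmm" as seen in that zone
render() { TZ="$2" date -d "@$1" '+%Y-%m-%d %H:%M:%S %z'; }

# utc_offset EPOCH TZ -> "+hhmm". "+0000" for a zone you expected to be
# non-UTC means the TZ value was not understood and UTC was used instead.
utc_offset() { TZ="$2" date -d "@$1" '+%z'; }

# offset_seconds EPOCH TZ -> signed UTC offset in seconds
offset_seconds() {
    z=$(utc_offset "$1" "$2")
    sign=${z%????}                  # "+" or "-"
    hh=${z#?}; hh=${hh%??}          # hours, two digits
    mm=${z#???}                     # minutes, two digits
    # "1$hh - 100" avoids octal parsing of values such as "08"
    echo $(( ${sign}1 * ((1$hh - 100) * 3600 + (1$mm - 100) * 60) ))
}

# shift_seconds EPOCH FROM_TZ TO_TZ -> seconds to add to timestamps shown
# in FROM_TZ so that they read as TO_TZ wall-clock time at that instant
shift_seconds() {
    echo $(( $(offset_seconds "$1" "$3") - $(offset_seconds "$1" "$2") ))
}

render "$SAMPLE_EPOCH" "$US_PACIFIC"
render "$SAMPLE_EPOCH" "$CENTRAL_EU"
utc_offset "$SAMPLE_EPOCH" PDT      # zero offset: "PDT" alone is not a usable TZ value
shift_seconds "$SAMPLE_EPOCH" "$CENTRAL_EU" "$US_PACIFIC"
```

On the sample date the shift between the two zones is 8 hours rather than the usual 9, because the US rule had already switched to summer time and the European rule had not; a fixed manual shift has to be recomputed for captures on either side of such a transition.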