Ask Your Question
0

Is it possible to update the wireshark reference time with windows time update after started capturing?

asked 2021-04-27 10:56:23 +0000

ali gravatar image

While capturing the network, the windows time was updated with a NTP server. Although the change of windows time, the wireshark reference time could not be updated. So, is it possible to update the wireshark reference time (arrival time) with windows time update after started capturing?

edit retag flag offensive close merge delete

Comments

From "(arrival time)" I assume by "reference time"you don't mean the "time reference that's set by Edit > Set/Unset Time Reference.

Every packet captured has an arrival time; are you talking about updating the arrival times of packets that have already been captured, or are you talking about making sure all packets captures after the system time was updated have arrival times that reflect the system time change?

Guy Harris gravatar imageGuy Harris ( 2021-04-28 06:16:00 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-04-27 14:35:15 +0000

Chuckc gravatar image

Timestamps are added by the capture:
"Wireshark itself doesn't generate the timestamp so there's nothing Wireshark can do about it."

If using npcap for capture on Windows, there is an open issue related to time being adjusted by NTP.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2021-04-27 10:56:23 +0000

Seen: 302 times

Last updated: Apr 27 '21

Related questions

Inconsistent Wireshark Arrival Times

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2