
time not working - always shows boot time of PC

asked 2023-04-24 09:30:58 +0000

LBee

Running Wireshark 4.0.5 on Win 11, I have an issue with the time column - it always shows the boot time of the PC, instead of the time the packet was captured.

I have tried downloading v.4.0.4 (portable) but the issue is the same. Also tried the different "Time Display Formats", but it just shows the boot-time in different ways.

If I open a command prompt and execute the "time" command, it shows the actual time.

Any idea what could be wrong?

/L


Comments

What version of npcap are you using? This will be shown in the "Running on" section of the Help->About Wireshark dialog.

grahamb ( 2023-04-24 09:59:55 +0000 )

Hi Graham

Looks like 1.74

Running on 64-bit Windows (22H2), build 22624, with AMD Ryzen 7 2700 Eight-Core Processor (with SSE4.2), with 65467 MB of physical memory, with GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15.2, with Npcap version 1.74, based on libpcap version 1.10.3, with c-ares 1.18.1, with GnuTLS 3.6.3, with Gcrypt 1.10.1, with nghttp2 1.46.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.5.2, without AirPcap, with light display mode, without HiDPI, with LC_TYPE=English_United Kingdom.utf8, binary plugins supported.

LBee ( 2023-04-24 10:04:39 +0000 )

1 Answer


answered 2023-04-24 10:16:53 +0000

grahamb

updated 2023-04-24 10:50:51 +0000

OK, like you I have manually installed npcap 1.74 and have the same issue: timestamps in captures are all identical and look to be the PC boot time.

This would be an npcap issue. I have raised it on their GitHub issue tracker, see here.

Edit: fixed npcap issue link.

Comments

I un-installed Wireshark + npcap, and rebooted my PC. Then downloaded and installed Wireshark (with pcap).

When starting Wireshark it came up with a message saying I have to disable "promiscuous mode" on the interface. Did that, and now the time column is showing correct values.

I didn't get that message when I installed the pcap manually - maybe disabling that could have solved the issue in the first place (don't know what "promiscuous mode" is/does).

At least there is a workaround for the issue.

Thanks for your help

LBee ( 2023-04-24 10:34:39 +0000 )

You've probably reverted to an older version of npcap. Wireshark 4.0.5 comes with npcap 1.71 that has the "promiscuous mode" issue, e.g. here.

grahamb ( 2023-04-24 10:54:20 +0000 )

@grahamb: Maybe you want to amend the npcap issue, which lists the Npcap version as 1.7.4, while it's 1.74

Jaap ( 2023-04-24 11:08:22 +0000 )

You're right of course - I didn't think of that when I installed it.

LBee ( 2023-04-24 11:09:37 +0000 )

@Jaap, fixed.

grahamb ( 2023-04-24 11:32:13 +0000 )
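
A way to check a saved capture for the symptom described in the answer above (every packet carrying the same timestamp), as an added example that is not part of the original thread or of Wireshark/Npcap. It assumes the capture was saved in classic pcap format rather than pcapng; the sample captures and all function names are constructed for illustration.

```python
import struct

# Classic pcap magic numbers -> (byte order, timestamp fraction per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def pcap_timestamps(data: bytes) -> list[tuple[int, int]]:
    """Return (seconds, fraction) for every complete record in a classic pcap."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, _ = MAGICS[data[:4]]
    stamps, off = [], 24  # records start after the 24-byte global header
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, off)
        off += 16 + incl_len
        if off > len(data):
            break  # truncated final record, ignore it
        stamps.append((sec, frac))
    return stamps

def timestamps_frozen(data: bytes, min_packets: int = 3) -> bool:
    """True when >= min_packets records exist and all share one timestamp."""
    stamps = pcap_timestamps(data)
    return len(stamps) >= min_packets and len(set(stamps)) == 1

def build_pcap(stamps, payload=b"\x00" * 14) -> bytes:
    """Build a constructed little-endian, microsecond-resolution pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in stamps:
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out

# Constructed samples: one capture with a frozen clock, one with advancing time.
FROZEN = build_pcap([(1682323200, 500000)] * 5)
NORMAL = build_pcap([(1682328658 + i, 1000 * i) for i in range(5)])

if __name__ == "__main__":
    print("frozen capture flagged:", timestamps_frozen(FROZEN))
    print("normal capture flagged:", timestamps_frozen(NORMAL))
```

A capture flagged this way cannot be used to order or time events, so any timeline built from it needs timestamps from another source.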
