Ask Your Question
0

Timestamps not working

asked 2023-06-22 07:26:23 +0000

SGR gravatar image

Hi, I just installed Wireshark on two machines in order to track down "lost" webservice-calls: one instance on the machine running the WS, the other on the machine which calls the WS. What I'm missing is useful timestamp - per default, Whireshark is displaying a random date (2023-5-02 - no idea why) - "delta" always displays 0,0000. I tried every available time-value from the column's edit-list, but none was helpful. Is there a way to display the real timestamp?

TIA, Buzzy

edit retag flag offensive close merge delete

Comments

Are you using Wireshark to do the traffic capturing on both machines?

If so, what is displayed by the "About" menu item (under "Help" on most OSes, under the "Wireshark" menu in macOS) on both of those machines?

Guy Harris gravatar imageGuy Harris ( 2023-06-22 07:50:34 +0000 )edit

Both are running Version 4.0.5 (v4.0.5-0-ge556162d8da3).

SGR gravatar imageSGR ( 2023-06-22 08:06:18 +0000 )edit

We'd like the full contents of that dialog as it has other important info.

grahamb gravatar imagegrahamb ( 2023-06-22 08:11:48 +0000 )edit

Info:

Version 4.0.5 (v4.0.5-0-ge556162d8da3).

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.32, build 31332),
with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with
Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.14, with libsmi 0.4.8, with
QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with
SpeexDSP (using bundled resampler), with Minizip, with binary plugins.

Running on 64-bit Windows Server 2019 (1809), build 17763, with Intel(R) Xeon(R)
Gold 6234 CPU @ 3.30GHz (with SSE4.2), with 32767 MB of physical memory, with
GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15 ...
(more)
SGR gravatar imageSGR ( 2023-06-22 08:30:36 +0000 )edit

as it has other important info

...such as the operating system on which you're running and the version of that operating system and, if the operating system is Windows, the version of WinPcap or Npcap used.

If the capture was done by Wireshark running on that machine, that information will be required in order to try to determine why bad time stamps were, presumably, written to the file.

That's also why we need to know if that traffic was captured with Wireshark or with some other tool; if it was captured with some other tool, that might be a problem with that tool.

Guy Harris gravatar imageGuy Harris ( 2023-06-22 08:31:49 +0000 )edit
see more comments

1 Answer

Sort by ยป oldest newest most voted
1

answered 2023-06-22 09:14:40 +0000

grahamb gravatar image

That's an npcap issue with version 1.74, the timestamps were not set correctly. See issue 668.

To fix, install a different version of npcap, the current release version is 1.75

edit flag offensive delete link more

Comments

Excellent, thanks for your support!

SGR gravatar imageSGR ( 2023-06-22 09:30:07 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2023-06-22 07:26:23 +0000

Seen: 170 times

Last updated: Jun 22 '23

Related questions

I'd like to extract the timestamp from the wireless LAN management frame

What is the syntax for wireshark custom column

why is my NTP client timestamp wrong?

NTP timestamp display

timestamp diameter after decode as

Who sets the value of Timestamps fields inside TCP?

Datetime in VoIP Call

What exactly mean TSval and TSecr

Convert timestamp to YYYY-MM-DDTHH:MM:SS

TTAG timestamp protocol from CISCO NDB

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2