Ask Your Question
0

Timestamps not working

asked 2023-06-22 07:26:23 +0000

SGR gravatar image

Hi, I just installed Wireshark on two machines in order to track down "lost" webservice-calls: one instance on the machine running the WS, the other on the machine which calls the WS. What I'm missing is useful timestamp - per default, Whireshark is displaying a random date (2023-5-02 - no idea why) - "delta" always displays 0,0000. I tried every available time-value from the column's edit-list, but none was helpful. Is there a way to display the real timestamp?

TIA, Buzzy

edit retag flag offensive close merge delete

Comments

Are you using Wireshark to do the traffic capturing on both machines?

If so, what is displayed by the "About" menu item (under "Help" on most OSes, under the "Wireshark" menu in macOS) on both of those machines?

Guy Harris gravatar imageGuy Harris ( 2023-06-22 07:50:34 +0000 )edit

Both are running Version 4.0.5 (v4.0.5-0-ge556162d8da3).

SGR gravatar imageSGR ( 2023-06-22 08:06:18 +0000 )edit

We'd like the full contents of that dialog as it has other important info.

grahamb gravatar imagegrahamb ( 2023-06-22 08:11:48 +0000 )edit

Info:

Version 4.0.5 (v4.0.5-0-ge556162d8da3).

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.32, build 31332),
with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with
Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.14, with libsmi 0.4.8, with
QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with
SpeexDSP (using bundled resampler), with Minizip, with binary plugins.

Running on 64-bit Windows Server 2019 (1809), build 17763, with Intel(R) Xeon(R)
Gold 6234 CPU @ 3.30GHz (with SSE4.2), with 32767 MB of physical memory, with
GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15 ...
(more)
SGR gravatar imageSGR ( 2023-06-22 08:30:36 +0000 )edit

as it has other important info

...such as the operating system on which you're running and the version of that operating system and, if the operating system is Windows, the version of WinPcap or Npcap used.

If the capture was done by Wireshark running on that machine, that information will be required in order to try to determine why bad time stamps were, presumably, written to the file.

That's also why we need to know if that traffic was captured with Wireshark or with some other tool; if it was captured with some other tool, that might be a problem with that tool.

Guy Harris gravatar imageGuy Harris ( 2023-06-22 08:31:49 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2023-06-22 09:14:40 +0000

grahamb gravatar image

That's an npcap issue with version 1.74, the timestamps were not set correctly. See issue 668.

To fix, install a different version of npcap, the current release version is 1.75

edit flag offensive delete link more

Comments

Excellent, thanks for your support!

SGR gravatar imageSGR ( 2023-06-22 09:30:07 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-06-22 07:26:23 +0000

Seen: 201 times

Last updated: Jun 22 '23