First time here? Check out the FAQ!

Ask Your Question
0

Timestamps not working
 
  
 
  
 
 
 
 
 
 
    
        
        asked Jun 22 '3  
 
 SGR gravatar image  
 
 
 
 
 
Hi,
 I just installed Wireshark on two machines in order to track down "lost" webservice-calls: one instance on the machine running the WS, the other on the machine which calls the WS. What I'm missing is useful timestamp - per default, Whireshark is displaying a random date (2023-5-02 - no idea why) - "delta" always displays 0,0000. 
I tried every available time-value from the column's edit-list, but none was helpful. 
Is there a way to display the real timestamp? 
 
TIA, Buzzy
 
Preview: (hide)
 
 
 
 
          
 
Comments
Are you using Wireshark to do the traffic capturing on both machines?
If so, what is displayed by the "About" menu item (under "Help" on most OSes, under the "Wireshark" menu in macOS) on both of those machines?
Guy Harris gravatar imageGuy Harris (
    
        Jun 22 '3
    )
Both are running Version 4.0.5 (v4.0.5-0-ge556162d8da3).
SGR gravatar imageSGR (
    
        Jun 22 '3
    )
We'd like the full contents of that dialog as it has other important info.
grahamb gravatar imagegrahamb (
    
        Jun 22 '3
    )
Info:
Version 4.0.5 (v4.0.5-0-ge556162d8da3).

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.32, build 31332),
with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with
Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.14, with libsmi 0.4.8, with
QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with
SpeexDSP (using bundled resampler), with Minizip, with binary plugins.

Running on 64-bit Windows Server 2019 (1809), build 17763, with Intel(R) Xeon(R)
Gold 6234 CPU @ 3.30GHz (with SSE4.2), with 32767 MB of physical memory, with
GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15 ...
(more)
SGR gravatar imageSGR (
    
        Jun 22 '3
    )
as it has other important info
...such as the operating system on which you're running and the version of that operating system and, if the operating system is Windows, the version of WinPcap or Npcap used.
If the capture was done by Wireshark running on that machine, that information will be required in order to try to determine why bad time stamps were, presumably, written to the file.
That's also why we need to know if that traffic was captured with Wireshark or with some other tool; if it was captured with some other tool, that might be a problem with that tool.
Guy Harris gravatar imageGuy Harris (
    
        Jun 22 '3
    )

            
                see more comments
            
        
 
 
 
 
 
 1 Answer
    
 
 
                    Sort by »
                     oldest newest most voted 
 
 
 
 
 
  
 
 
 
 
1
 
 
  
 
 
 
 
 
 
 
 
    
        
        answered Jun 22 '3  
 
 grahamb gravatar image  
 
 
 
 
 
That's an npcap issue with version 1.74, the timestamps were not set correctly.  See issue 668.
 
To fix, install a different version of npcap, the current release version is 1.75
 
Preview: (hide)
 
 
 
 
         
        link
        
 
Comments
Excellent, thanks for your support!
SGR gravatar imageSGR (
    
        Jun 22 '3
    )
add a comment
 
 
 
 
  
 
 
 
 

    
        Your Answer
    

 
 Please start posting anonymously - your entry will be published after you log in or create a new account.

    

 
 
Add Answer
 
 
 
 
 
 
 
 
   
  
 
   
 
 
 
 
 
 
 
 
Question Tools
  
 

        
        
            1 follower
        
    
 
 
 subscribe to rss feed 
 
 
 
 
 
 
Stats
 

        Asked:  Jun 22 '3  
 
 
        Seen: 308 times 
 

        Last updated: Jun 22 '23 
 
 
 
Related questions
 
 
 I'd like to extract the timestamp from the wireless LAN management frame 
 
 What is the syntax for wireshark custom column 
 
 why is my NTP client timestamp wrong? 
 
 NTP timestamp display 
 
 timestamp diameter after decode as 
 
 Who sets the value of Timestamps fields inside TCP? 
 
 Datetime in VoIP Call 
 
 What exactly mean TSval and TSecr 
 
 Convert timestamp to YYYY-MM-DDTHH:MM:SS 
 
 TTAG timestamp protocol from CISCO NDB