Ask Your Question
0

How to save a Time Shift?

asked 2017-11-24 06:15:37 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Time Shift is used to alter the timestamps of packets in a trace file. In 101.pcapng,the original arrival time was Jul 7, 2017 14:36:56.111000000. I have shifted the arrival time by +3.2 seconds. The new arrival time was Jul 7, 2017 14:36:59.311000000 and save it called 101new.pcapng. When I open the 101new.pcapng, I get the arrival time is the same as 101.pcapng. Although I changed the arrival time by +3.2 seconds and saved, the new arrival time return to the orignal arrival time. Why?

Thanks,

Chen Yun Long

edit retag flag offensive close merge delete

Comments

Did you try marking all of the packets and then exporting them? Didn't try it myself, but it might be worth a try.

proj964 gravatar imageproj964 ( 2017-11-27 22:08:59 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
1

answered 2017-11-24 11:50:59 +0000

Uli gravatar image

Don't know whether it is supported to save time shifted packets in Wireshark.

However I can recommand to use editcap -t 3.2 infile.pcap outfile.pcap for this purpose.

edit flag offensive delete link more
0

answered 2017-11-27 14:17:12 +0000

cmaynard gravatar image

As far as I can tell, it's not possible to save a time-shifted capture file directly from Wireshark. If you would like to be able to do this, I would suggest opening a Wireshark enhancement bug report at https://bugs.wireshark.org/bugzilla/.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2017-11-24 06:15:37 +0000

Seen: 88 times

Last updated: Nov 27