Ask Your Question
0

how do i access data from a specific date and time frame?

asked 2019-06-10 21:35:51 +0000

jenna gravatar image

i'm trying to figure out how to look up the recorded information on wireshark from a particular date and time. the information i need is very important can anyone help with step by step instructions, guidance, anything? Please any help would be greatly appreciated

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-10 21:55:54 +0000

Hi

I like using the frame.time field for this.

You should see this field under Frame in the Packet details pane if your capture has Ethernet frames in it.

You can see packets for certain times using these filters:

Packets received ON or AFTER December 28, 2018 16:45:

frame.time >= "Dec 28, 2018 16:45:00.000000000"

Packets received BETWEEN 16:45 and 17:45 on December 28, 2018:

(frame.time >= "Dec 28, 2018 16:45:00.000000000" ) && (frame.time <= "Dec 28, 2018 17:45:00.000000000")

Hopefully you know what the time was on the capture device (precision, timezone, etc.) because that is the time used for that field.

Cheers,

JFD

edit flag offensive delete link more

Comments

thank you so much. im not real computer savvy all the verbiage confuses me as its always changing or i don't remember how to do something i like to have a visual guide or instruction so i can refer back and this will help alot will definitely try this.. so very appreciated thanks again :)

jenna gravatar imagejenna ( 2019-06-10 23:34:37 +0000 )edit

Glad I could help!

Please mark the answer as correct (click the checkmark) so others may benefit from it in the future.

JFD

Spooky gravatar imageSpooky ( 2019-06-11 21:31:23 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-06-10 21:35:51 +0000

Seen: 1,532 times

Last updated: Jun 10 '19