OSQA is unmaintained. Help us figure out where to go from here.

Hi, When opening a capture file that contains timestamping done by third party via Wireshark, What will be the default behavior assuming packets written to the file out-of-order, display by order or be timestamp?

Thanks

asked 19 Mar, 00:18

yakovd's gravatar image

yakovd
6124
accept rate: 0%

When opening a capture file that contains timestamping done by third party via Wireshark

So you mean that you have a capture file with time stamping done by a third party, and you open it in Wireshark?

If so, by "timestamping" do you mean the time stamps in the packet records or time stamps in the contents of the packets?

(19 Mar, 22:03) Guy Harris ♦♦

Hi,

I mean the time stamps in the packet records.

(19 Mar, 22:45) yakovd

The default behavior is to display packets by the order in which they appear in the file. You can sort by the time stamp column, bu that's not the default.

The Wireshark package includes a command-line tool, reordercap, which will read a capture file and write the packets, sorted by their timestamps, to a new file.

permanent link

answered 19 Mar, 23:11

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.3k335194
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×62

question asked: 19 Mar, 00:18

question was seen: 301 times

last updated: 19 Mar, 23:11

p​o​w​e​r​e​d by O​S​Q​A