Hi, When opening a capture file that contains timestamping done by third party via Wireshark, What will be the default behavior assuming packets written to the file out-of-order, display by order or be timestamp?

Thanks

asked 19 Mar, 00:18

yakovd's gravatar image

yakovd
62
accept rate: 0%

When opening a capture file that contains timestamping done by third party via Wireshark

So you mean that you have a capture file with time stamping done by a third party, and you open it in Wireshark?

If so, by "timestamping" do you mean the time stamps in the packet records or time stamps in the contents of the packets?

(19 Mar, 22:03) Guy Harris ♦♦

Hi,

I mean the time stamps in the packet records.

(19 Mar, 22:45) yakovd

The default behavior is to display packets by the order in which they appear in the file. You can sort by the time stamp column, bu that's not the default.

The Wireshark package includes a command-line tool, reordercap, which will read a capture file and write the packets, sorted by their timestamps, to a new file.

link

answered 19 Mar, 23:11

Guy%20Harris's gravatar image

Guy Harris ♦♦
16.9k335192
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×60

Asked: 19 Mar, 00:18

Seen: 108 times

Last updated: 19 Mar, 23:11

p​o​w​e​r​e​d by O​S​Q​A