9/8/2023 0 Comments Time stamp wireshark pcapOpening the exact same file on another system shows this instead, now with 04:09 (am) as the time: Just sayin’ □ ) on the 22nd of March 2014. Okay, a capture taken at 13:09 (that’s 1:09pm for my friends in the US. Let me show you an example (I use three timestamp columns by default, showing “Delta time displayed”, “Relative time” and “Absolute date and time” all at the same time instead of the single relative time column that is the default): But even if you’re not coding stuff like that you may run into trouble with timestamps, even when simply opening a capture file. If you ever try to write code that reads multiple capture file formats you’ll probably curse about the various methods of storing them (I know I did, and sometimes still do), and it can be a complex task to get your program turn all of them into correct values. Let’s go.Ībsolute timestamps seem pretty simple if you look at them in Wireshark, but let me tell you, they aren’t. Hm, wait… so now I write a blog post that is even longer?! Nevermind. It also means that I can point Uwe at this post instead of writing a lengthy email. And in the end, it looked like a good topic for a blog post, so here it is. I remembered that I had read something about this issue before, so I told him I’d investigate. He was teaching a 5 day class in Hamburg at the time, and had had a student ask about a peculiar problem with frame/packet timestamps. Last week Uwe, one of the instructors of the Wireshark class I created for FastLane, gave me a call in the evening.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |