Ethereal: Re: [Ethereal-users] how to modify packet timestamp using ethereal ???

Ethereal-users: April 2006

Subject: Re: [Ethereal-users] how to modify packet timestamp using ethereal ???
From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 5 Apr 2006 10:00:14 +0200

On Tue, Apr 04, 2006 at 11:54:04PM -0700, Guy Harris wrote:
> tony vong wrote:
> >How do you modify pcap timestamp using ethereal ?
> 
> You don't.  Ethereal doesn't support that.

That's where editcap comes in handy, from the man-page:

-t <time adjustment>

Sets the time adjustment to use on selected packets. If the -t flag is used to specify a time adjustment, the specified adjustment will be applied to all selected packets in the capture file. The adjustment is specified as [-]seconds[.fractional seconds]. For example, -t 3600 advances the timestamp on selected packets by one hour while -t -0.5 reduces the timestamp on selected packets by one-half second. 
This feature is useful when synchronizing dumps collected on different machines where the time difference between the two machines is known or can be estimated.

In ethereal there is always the option to make a time-reference (right-click
on a packet). That way you can also synchronize the display of two open 
capture-files.

I hope this helps, Cheers,

Sake

References:
- [Ethereal-users] how to modify packet timestamp using ethereal ???
  - From: tony vong
- Re: [Ethereal-users] how to modify packet timestamp using ethereal ???
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Ethereal Promiscuous Mode
Next by Date: Re: [Ethereal-users] how to get total time of a connections?
Previous by thread: Re: [Ethereal-users] how to modify packet timestamp using ethereal ???
Next by thread: Re: [Ethereal-users] how to modify packet timestamp using ethereal ???
Index(es):
- Date
- Thread