Ethereal: Re: [Ethereal-users] Anybody know how to use editcap to modify the timestamps of pcap packets ? EOM

Ethereal-users: April 2006

Subject: Re: [Ethereal-users] Anybody know how to use editcap to modify the timestamps of pcap packets ? EOM
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 6 Apr 2006 08:06:58 +0200

Yes, I do, by RTFM ;)

blok@for-gods-sake ~
$ tethereal -ta -r tmp.cap
  1 00:21:52.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
  2 00:21:52.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
  3 00:21:52.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
  4 00:21:52.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
  5 00:21:52.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
  6 00:21:52.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
  7 00:21:52.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
  8 00:21:52.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
  9 00:21:52.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128

blok@for-gods-sake ~
$ editcap -t 10 tmp.cap tmp2.cap

blok@for-gods-sake ~
$ tethereal -ta -r tmp2.cap
  1 00:22:02.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
  2 00:22:02.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
  3 00:22:02.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
  4 00:22:02.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
  5 00:22:02.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
  6 00:22:02.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
  7 00:22:02.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
  8 00:22:02.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
  9 00:22:02.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128

blok@for-gods-sake ~
$

As you can see "editcap -t 10 tmp.cap tmp2.cap" increased all timestamps
by 10 seconds.


Hope this helps,   Cheers,   Sake

References:
- [Ethereal-users] Anybody know how to use editcap to modify the timestamps of pcap packets ? EOM
  - From: tony vong

Prev by Date: Re: [Ethereal-users] Capture Idle bytes
Next by Date: [Ethereal-users] RTP analysis module
Previous by thread: [Ethereal-users] Anybody know how to use editcap to modify the timestamps of pcap packets ? EOM
Next by thread: [Ethereal-users] Hi
Index(es):
- Date
- Thread