This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tcp.time_delta and tcp.time_relative not showing any values

3
1

Is it just me or do the display-filter for tcp.time_delta and tcp.time_relative don't show any values ...?

tested with:

Version 1.6.8 (SVN Rev 42761 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.5, with GLib 2.29.8, with libpcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.12.7, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 30 2011 11:17:29), without AirPcap.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with libpcap version 1.0.0, with libz 1.2.3, GnuTLS 2.12.7, Gcrypt 1.4.6.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

asked 01 Jun '12, 00:29

teoh's gravatar image

teoh
51236
accept rate: 0%

One Answer:

4

Please enable TCP timestamp calculation (disabled by default)

Edit -> Preferences -> Protocols -> TCP -> Calculate conversation timestamps

with thshark

tshark.exe -r input.cap -o tcp.calculate_timestamps:true -T fields -e frame.number -e tcp.time_delta -e <whatever you need> -E header=y -E separator=;

Rgards
Kurt

answered 01 Jun '12, 01:31

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 01 Jun '12, 01:47

That did the trick, thanks

(04 Jun '12, 08:22) teoh