I want to write a filter to get packets in a time slice, and it seems Wireshark uses GMT time. So how do I write the filter?
asked 13 Oct '12, 20:41 boyxiaolong
One Answer:
Select any packet in the Packet List. Expand the Frame section in the Packet Details pane. Right-click on Arrival Time and select Prepare a Filter > Selected. You will get something like this in the display filter field:

    frame.time == "Oct 15, 2012 16:36:01.009638000"

Edit this display filter. Change the "==" to ">=" and change the time to the earliest time you want your display filter to show. For example:

    frame.time >= "Oct 15, 2012 16:00:00"

Now right-click on Arrival Time again and select Prepare a Filter > And Selected. You will now have something like this:

    (frame.time >= "Oct 15, 2012 16:00:00") && (frame.time == "Oct 15, 2012 16:36:01.009638000")

Now edit the second part of the filter. Change "==" to "<=" and change the time to the latest time you want your display filter to show. For example:

    (frame.time >= "Oct 15, 2012 16:00:00") && (frame.time <= "Oct 15, 2012 17:00:00")

Click Apply. This example display filter will show all frames arriving between 16:00 and 17:00 local time on October 15th.

answered 15 Oct '12, 19:58 Jim Aragon

Excellent, straightforward answer. Thanks! (15 Feb '13, 06:32) MEMark
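The range filter from the answer above can also be generated from UTC timestamps, such as those taken from server logs, instead of being edited by hand. This is an added example, not part of the original answer; the function names and the UTC-07:00 workstation offset are hypothetical, and it assumes the filter string is read in the workstation's local time, as the answer describes.

```python
from datetime import datetime, timedelta, timezone, tzinfo

# Fixed English month abbreviations, matching the filter format shown in the
# answer; strftime("%b") would vary with the process locale.
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def wireshark_time(ts: datetime, local_tz: tzinfo) -> str:
    """Format an aware datetime as 'Oct 15, 2012 16:00:00' in local_tz."""
    if ts.tzinfo is None or ts.utcoffset() is None:
        # A naive timestamp hides whether it is UTC or local: refuse it.
        raise ValueError("timestamp must be timezone-aware")
    t = ts.astimezone(local_tz)
    text = f"{_MONTHS[t.month - 1]} {t.day}, {t.year} {t:%H:%M:%S}"
    if t.microsecond:
        text += f".{t.microsecond:06d}"  # keep sub-second precision
    return text


def time_slice_filter(start: datetime, end: datetime, local_tz: tzinfo) -> str:
    """Build the >= / <= frame.time range filter from the answer."""
    if end < start:
        raise ValueError("end is earlier than start")
    return (f'(frame.time >= "{wireshark_time(start, local_tz)}") && '
            f'(frame.time <= "{wireshark_time(end, local_tz)}")')


if __name__ == "__main__":
    # Constructed sample: a one-hour window given in UTC, viewed on a
    # workstation assumed (hypothetically) to be at UTC-07:00.
    workstation = timezone(timedelta(hours=-7))
    begin = datetime(2012, 10, 15, 23, 0, 0, tzinfo=timezone.utc)
    finish = datetime(2012, 10, 16, 0, 0, 0, tzinfo=timezone.utc)
    print(time_slice_filter(begin, finish, workstation))
```

The window crosses midnight UTC but stays on October 15th locally, which is the kind of offset mistake that is easy to make when converting by hand.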
The UI is localized to your timezone by default, unless you change it to display absolute time. But I don't quite understand your question. Are you talking about a display filter?
And of course there's just the "manually adjust your time" option.