Hi all,

I have been running tshark on a clean Ubuntu server for a few weeks, but I've noticed something odd in the timestamps of each logfile, while I set up the duration to be each hour. For example:

Nov 19 04:05 example1.cap
Nov 19 05:05 example2.cap
Nov 19 06:05 example3.cap
Nov 19 08:59 example4.cap
Nov 19 09:59 example5.cap

As can be seen, there's a time gap between example3.cap and example4.cap.

This is the command I've been using:

nohup tshark -i eth0 -t ad -w /var/log/filename.cap -b duration:3600 &

I'm worrying about this since there are specific random network problems appearing, because they might happen in these gaps.

Does anyone have an explanation for this, and what I should be doing?

asked 19 Nov '12, 02:20 ChrsL
One Answer:
That's where editcap can help.
This will adjust the timestamp by +300 seconds. See the man page for editcap.
You can do the same in Wireshark itself (please use the latest version). Open the capture file and then:
Regards

answered 19 Nov '12, 03:05 Kurt Knochner ♦
Thanks for the answer!
You're welcome.
If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.
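
The spacing between the ring-buffer files listed in the question can be checked mechanically. The Python below is an added example, not part of the original posts: it parses that listing (year assumed from the post date) and reports, for each irregular step, how many rotation intervals have no file and how far the rotation time shifted. The function names and the 120-second tolerance are assumptions.

```python
from datetime import datetime

# File listing quoted in the question; the year is assumed from the post date.
LISTING = """\
Nov 19 04:05 example1.cap
Nov 19 05:05 example2.cap
Nov 19 06:05 example3.cap
Nov 19 08:59 example4.cap
Nov 19 09:59 example5.cap
"""

def parse_listing(text, year=2012):
    """Return [(name, datetime)] sorted by timestamp."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        month, day, hhmm, name = line.split(None, 3)
        ts = datetime.strptime(f"{year} {month} {day} {hhmm}", "%Y %b %d %H:%M")
        rows.append((name, ts))
    return sorted(rows, key=lambda r: r[1])

def find_gaps(rows, duration=3600, tolerance=120):
    """Flag consecutive files whose spacing is not one rotation interval.

    Each finding holds the raw delta in seconds, the number of rotation
    intervals that produced no file, and the leftover phase shift, i.e.
    how far the rotation time moved relative to the earlier schedule.
    """
    findings = []
    for (prev_name, prev_ts), (name, ts) in zip(rows, rows[1:]):
        delta = int((ts - prev_ts).total_seconds())
        if abs(delta - duration) <= tolerance:
            continue  # normal hourly rotation
        intervals = max(1, round(delta / duration))
        findings.append({
            "after": prev_name, "before": name, "delta_s": delta,
            "missing_intervals": intervals - 1,
            "phase_shift_s": delta - intervals * duration,
        })
    return findings

if __name__ == "__main__":
    for finding in find_gaps(parse_listing(LISTING)):
        print(finding)
```

For a live capture directory, the same `find_gaps` function can be fed file names and modification times taken from `os.stat` instead of a pasted listing.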