When looking at a packet capture, is it possible to set the time zone used by Wireshark to a time zone other than the system time? My colleagues and I are occasionally tripped up when working with each other from different time zones (east coast and west coast).

asked 15 Oct '13, 10:23 syzdek
2 Answers:
There isn't a way to set the timezone within Wireshark but it's easy enough to do from a shell prompt before starting Wireshark. The method to do that is described in the already-existing feature request to allow you to do it in the GUI: bug 2629.

answered 15 Oct '13, 11:18 JeffMorriss ♦
As far as I can tell (also from http://www.wireshark.org/docs/wsug_html_chunked/ChAdvTimezones.html) Wireshark has no option to adjust the time zone for you. So either you temporarily set your time zone to the one of your colleagues while working with the file, or you use editcap to adjust the timing. I always adjusted my time zone while working with traces taken in a different time zone, but maybe you may want to put in a feature request. It shouldn't be too much of a problem for one of the developers to add an option/command line parameter/preference setting to adjust the time zone to a "per Wireshark" setting.

answered 15 Oct '13, 10:33 Jasper ♦♦

Or just ask for support for GMT. Most network folks work in GMT/zulu anyway. I thought that's what Absolute Time did...maybe I was wrong. (15 Oct '13, 10:51) hansangb

Absolute Time is just a time column that displays date and time of day (and no relative times like "relative time" and "delta time"), adjusted from UTC to the local time zone. And that's perfectly fine with me - I'd be confused if it would show UTC ;-) (15 Oct '13, 15:56) Jasper ♦♦
Thanks Jeff. Didn't know about the TZ option.
You're welcome.
If an Answer answers your question, please be sure to Accept it by clicking on the checkbox. That way the question won't show up in the list of unanswered questions. (See the FAQ for more details.)
It's a trick similar to temporarily changing the temp dir for Wireshark, by setting the tmp/temp environment variables on a command line / batch before running Wireshark.
@Jasper, a possible new feature for tracewrangler as well? I don't have a particular need myself, but it seems like something suitable for the tool. Just an idea.
Jeff, I really should read the FAQ. I find it hard to follow the thread as latest comments are not at the end etc. But if I never read Gerald's release notes...what hope is there for me! LOL
@hansangb: Doh! Sorry, I thought you were the OP/asker of the question! Sorry, I completely missed that you weren't!
Oh dear, that release note running gag now even shows up when there is no Sharkfest going on... ;-))
@cmaynard: good idea - it should be pretty easy to implement, so I might just add it as an option to the editing task settings.
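
The TZ approach from the first answer, as an added example that is not part of the original thread: a wrapper that sets TZ for a single process and rejects zone names the C library would not recognise. The function names, `ZONEINFO_DIR`, the sample epoch and `capture.pcapng` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU or BusyBox `date` (for -d @EPOCH).
ZONEINFO_DIR=${ZONEINFO_DIR:-/usr/share/zoneinfo}  # assumption: usual tzdata path

# Succeed only for a zone the C library will really honour. An unknown TZ
# value is not an error on glibc: it silently displays UTC, so a typo would
# shift every timestamp shown without any warning.
tz_is_valid() {
    case $1 in ''|/*|*..*) return 1 ;; esac   # empty, absolute path, traversal
    [ -f "$ZONEINFO_DIR/$1" ] && return 0     # named zone, e.g. America/New_York
    # Fixed-offset POSIX form such as UTC0, EST5, PST8 (needs no tzdata).
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z]{3,}[+-]?[0-9]{1,2}$'
}

# run_in_tz ZONE COMMAND [ARGS...]: TZ is set for that one process only,
# so the calling shell and the system clock settings stay untouched.
run_in_tz() {
    zone=$1; shift
    tz_is_valid "$zone" || { echo "unknown time zone: $zone" >&2; return 2; }
    env TZ="$zone" "$@"
}

# render_in_tz ZONE EPOCH: show how one packet timestamp will be displayed.
render_in_tz() {
    run_in_tz "$1" date -d "@$2" '+%Y-%m-%d %H:%M:%S %z'
}

# Constructed sample: 1381857780 is 2013-10-15 17:23:00 UTC.
#   render_in_tz EST5 1381857780
#   render_in_tz PST8 1381857780
# Launching the analyzer (capture.pcapng is a placeholder file name):
#   run_in_tz America/Los_Angeles wireshark capture.pcapng
```

Checking one known timestamp with `render_in_tz` before opening a shared capture confirms that both colleagues will read the same wall-clock times.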