This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problem with Absolute Time

0

Hello everybody! I have a "little" problem with Wireshark timestamps. I have one column with "Time", which starts at 0.0, but I want to get the absolute time (=system time) like "2013-11-05 09:39:02". I have selected "Absolute date and time" option for a new column and I get something like "1970-01-01 1:00:10" -> Epoch time :( How can I change this date-time?

Thank you in advance!

asked 05 Nov '13, 00:44


JoseA
accept rate: 0%

What OS and Wireshark Version are you using? "Absolute Date and Time" should give you the absolute date and time of the packets adjusted to your time zone settings (meaning, they should be the same time your system showed when capturing the packets).

(05 Nov '13, 02:47) Jasper ♦♦

One Answer:

0

I have one column with "Time", which starts at 0.0
I have selected "Absolute date and time" option for a new column and I get something like "1970-01-01 1:00:10"

Sounds like the date/time in your capture file is really 0.00, hence you get 1970-01-01 etc. if you display the full date time.

If you run capinfos, what do you see in the rows 'Start time' and 'End time'?

capinfos input.pcap

File type:           Wireshark/tcpdump/... - pcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   12 k
File size:           4147 kB
Data size:           3941 kB
Capture duration:    67 seconds
Start time:         Wed Feb 02 16:37:29 2011
End time:           Wed Feb 02 16:38:36 2011

Regards
Kurt

answered 05 Nov '13, 05:40


Kurt Knochner ♦
accept rate: 15%
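The check suggested in the answer can also be made by reading the per-packet timestamps straight from a classic pcap file. This is an added example, not code from the original thread or from Wireshark; the function names, the one-day threshold and the sample captures are assumptions constructed for illustration, and pcapng files are not handled.

```python
import struct
from datetime import datetime, timezone

# First four bytes of a classic pcap file -> (byte order, sub-second units per second).
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
}

def capture_times(data, suspicious_before=86400):
    """Return (start, end, near_epoch) from the record headers of a pcap file.

    near_epoch is True when the first timestamp lies within the first day
    after 1970-01-01 (assumed threshold), i.e. the file holds relative times.
    """
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[data[:4]]
    offset, stamps = 24, []              # 24-byte global header comes first
    while offset + 16 <= len(data):      # 16-byte header before each packet
        sec, sub, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        stamps.append(sec + sub / frac)
        offset += 16 + incl_len          # skip the captured bytes
    if not stamps:
        raise ValueError("no packets in file")
    start, end = min(stamps), max(stamps)
    return start, end, start < suspicious_before

def fmt(ts):
    """Format an epoch timestamp as UTC, like an absolute date/time column."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def build_sample(timestamps):
    """Constructed sample: little-endian pcap, Ethernet, 4-byte dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in timestamps:
        out += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    samples = (("relative", [(0, 0), (10, 0)]),
               ("absolute", [(1383644342, 0), (1383644409, 0)]))
    for name, stamps in samples:
        start, end, bad = capture_times(build_sample(stamps))
        print(name, fmt(start), fmt(end), "timestamps near epoch" if bad else "ok")
```

A stored timestamp of 10 seconds formats as 1970-01-01 00:00:10 in UTC, which a UTC+1 display shows as the 1:00:10 seen in the question.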