I am running Wireshark-QT 1.12.0 on OSX 10.9.4. The Wireshark User's Guide refers to being able to select different time presentation formats: https://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSection.html However, when I go to the view menu on Wireshark-QT, this is all I see:
Is this simply a feature that hasn't been ported across to Wireshark-QT yet? It seems like a pretty fundamental feature of Wireshark. Is there any other way of changing the timezone column in Wireshark-QT so that it shows the actual timestamp of a packet? This is very useful to correlate events in a packet capture against other events (e.g. loglines, or real-world events). Or could there be something funny with the PCAP file I have? The commandline that I believe was used to capture the PCAP file was:
asked 21 Aug '14, 19:35  victorhooi edited 18 Oct '14, 00:51  Guy Harris ♦♦ |
One Answer:
Yes, that feature simply seems to not have been ported yet. For the time being you might just go to the preferences and add/change the time columns you need. I usually have three: absolute date & time, delta time displayed, and relative time. answered 22 Aug '14, 11:09  Jasper ♦♦ |
Jasper gives the correct answer so just a nuance. On my mac/Qt version I had to restart Wireshark for the changes to take affect.