This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark-QT - Unable to change timestamp presentation format?

0

I am running Wireshark-QT 1.12.0 on OSX 10.9.4.

The Wireshark User's Guide refers to being able to select different time presentation formats:

https://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSection.html

However, when I go to the view menu on Wireshark-QT, this is all I see:

[screenshot of the View menu]

Is this simply a feature that hasn't been ported across to Wireshark-QT yet? It seems like a pretty fundamental feature of Wireshark. Is there any other way of changing the timezone column in Wireshark-QT so that it shows the actual timestamp of a packet? This is very useful to correlate events in a packet capture against other events (e.g. loglines, or real-world events).

Or could there be something funny with the PCAP file I have?

The command line that I believe was used to capture the PCAP file was:

sudo tcpdump -Xs0 -Nnpi <INTERFACE> tcp port <PORT> -w <CAPTURE_FILENAME>

asked 21 Aug '14, 19:35

victorhooi

edited 18 Oct '14, 00:51

Guy Harris ♦♦


One Answer:

0

Yes, that feature simply seems to not have been ported yet. For the time being you might just go to the preferences and add/change the time columns you need. I usually have three: absolute date & time, delta time displayed, and relative time.

answered 22 Aug '14, 11:09

Jasper ♦♦

Jasper gives the correct answer so just a nuance. On my mac/Qt version I had to restart Wireshark for the changes to take effect.

(17 Oct '14, 15:32) Briford