This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Use date of packet in INFO field

When I wireshark, the packets do not always arrive at the server in the sequence in which they were generated.

This means that if I filter by the date of arrival at the server, I may also get older packets that I do not want and miss new packets that are required.

I could use the information in the info field to get the correct sequence of packets but don't know how to do this.

Is there a method to extract time text from the data payload and use it to filter (similar to frame.time)?

asked 07 Apr '15, 03:59

seanj


One Answer:

Is there a method to extract time text from the data payload

In general, no, as most packets do not have the time the packet was sent as part of the packet data, as most protocols do not include that in the packet.

answered 07 Apr '15, 20:43

Guy Harris ♦♦

Thanks Guy, however the packets I am interested in all have a date in the data payload. I have performed this operation to some degree using a high-level programming language, but it would be handier if I could just filter the info I need in Wireshark. If it can't be done, it can't be done...

(08 Apr '15, 07:04) seanj

If you know your protocol you could write a Lua dissector that hands you this information you can filter on.

(08 Apr '15, 08:36) Jaap ♦

That would be a dissector then. You can create a plain text (WSGD), Lua or a traditional C dissector.

(08 Apr '15, 08:38) grahamb ♦
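
The Lua approach suggested in the comments, sketched as an added example (not code from any participant in this thread): a post-dissector that parses a timestamp out of the payload and exposes it as a filterable time field. The protocol name `paytime`, its field names, the `YYYY-MM-DD HH:MM:SS` payload format and the use of TCP are all assumptions, since the thread does not describe the real protocol.

```lua
-- Added example, not code from the thread. ASSUMPTIONS: traffic is TCP, the payload
-- is ASCII and carries "YYYY-MM-DD HH:MM:SS" (hypothetical format) in local time.
local paytime = Proto("paytime", "Payload Timestamp (example)")

local f_time = ProtoField.absolute_time("paytime.time", "Payload time", base.LOCAL)
local f_text = ProtoField.string("paytime.text", "Payload time text")
paytime.fields = { f_time, f_text }

-- Field extractors must be created outside the dissector function.
local tcp_payload = Field.new("tcp.payload")

local PATTERN = "(%d%d%d%d)%-(%d%d)%-(%d%d) (%d%d):(%d%d):(%d%d)"
local STAMP_LEN = 19    -- length of "YYYY-MM-DD HH:MM:SS"
local SCAN_LIMIT = 256  -- only scan the start of the payload, not bulk data

local function in_range(v, lo, hi) return v >= lo and v <= hi end

function paytime.dissector(tvb, pinfo, tree)
    local fi = tcp_payload()
    if not fi then return end          -- segment carries no payload

    local payload = fi.range
    local head = payload:range(0, math.min(payload:len(), SCAN_LIMIT))
    local s, _, y, mo, d, h, mi, sec = head:raw():find(PATTERN)
    if not s then return end

    y, mo, d = tonumber(y), tonumber(mo), tonumber(d)
    h, mi, sec = tonumber(h), tonumber(mi), tonumber(sec)
    -- os.time() silently normalises out-of-range values, so reject them first.
    if not (in_range(mo, 1, 12) and in_range(d, 1, 31) and in_range(h, 0, 23)
            and in_range(mi, 0, 59) and in_range(sec, 0, 60)) then return end

    -- os.time() interprets the table as local time; returns nil if unrepresentable.
    local epoch = os.time({ year = y, month = mo, day = d, hour = h, min = mi, sec = sec })
    if not epoch then return end

    local hit = payload:range(s - 1, STAMP_LEN)   -- Lua strings are 1-based
    local sub = tree:add(paytime, hit, "Payload Timestamp")
    sub:add(f_text, hit)
    sub:add(f_time, hit, NSTime.new(epoch, 0))
end

register_postdissector(paytime)
```

Loaded with `-X lua_script:paytime.lua` (file name is a placeholder), this allows a display filter such as `paytime.time >= "2015-04-07 00:00:00"`, and `paytime.time` can be added as a packet-list column to sort by the time in the payload rather than by arrival time.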