This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MAC Time Stamp in WLAN captures

0

Hi,
I would like to capture an put a time stamp at the beginning of MPDU or before MPDU starts. Can anybody help me regarding this. Thanks you in advance, Best Regards, Amin

asked 30 May '11, 07:22

AminGho's gravatar image

AminGho
51448
accept rate: 0%

Are you looking for radiotap.mactime?

$ tshark -i 1 -T fields -e frame.number -e radiotap.mactime
Capturing on AirPcap USB wireless capture adapter nr. 00
1       52586108
2       52669071
3       52673115
(03 Jun '11, 13:14) joke

One Answer:

0

Timestamps are retrieved from the libpcap/winpcap library, which in turn get the timestamp from the OS kernel.

This may be oversimplified for what you actually need but...

if you are using tshark you could use:

tshark -i (interface#) -T fields -e frame.time -e (whatever other fields you want to display)

For capturing, time stamp is already included in every packet, but you can output different formats using parameters as follows:

tshark -i (interface#) -t ad (absolute date and time) or -t a (absolute time) or -t r (relative time between 1st and current packet) or -t d (delta from previous packet) or -t dd (displayed delta) or -t e (epoch time since 1/1/1970).

Hope this is helpful,

John

answered 02 Jun '11, 06:33

John_Modlin's gravatar image

John_Modlin
1205
accept rate: 0%