Hi, I'm using editcap.exe command from Windows 7 console and not getting desired output. The exact command is:
The 160413csi05_narrowtime.snoop is created with file size of 1K. The file opens in Wireshark GUI but there is nothing in file. The original 160413csi05.snoop file date range is 2016-04-13 12:23:04 for frame 1 to 2016-04-13 14:43:42 for frame 92163. Thanks
asked 13 Apr '16, 08:33 major, edited 13 Apr '16, 08:40 grahamb ♦
One Answer:
@major, It works for me with
One thought as to why it might not be working would be if the capture was taken in a different time zone than where you are, but you ought to be able to verify the timestamps by running
(Moved from comment to answer since this was the solution.)
answered 14 Apr '16, 11:48 cmaynard ♦♦
cmaynard's suggestion to check time zones using capinfo worked. The snoop was originally captured on a Solaris 10 system that uses UTC. My local laptop uses Central time. The below command worked:
Thanks for all the assistance! (14 Apr '16, 07:28) major
editcap version (-V)?
C:>"C:\Program Files\Wireshark\editcap.exe" -version
C:\Program Files\Wireshark\editcap.exe: invalid option -- 'e'
Editcap 1.12.4 (v1.12.4-0-gb4861da from master-1.12)
Edit and/or translate the format of capture files.
See http://www.wireshark.org for more information.
@grahamb It's a lower-case 'v', not an uppercase 'v', so it's the verbose option.
@cmaynard The uppercase -V was to get the version info.
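An added example, not part of the original thread and not Wireshark code: the time zone check the answer suggests, done by hand on an RFC 1761 snoop file. It reads the first and last packet timestamps (stored as seconds since the epoch, UTC) and tests whether a wall-clock window overlaps the capture when read in the capture host's zone versus the analyst's zone. The sample bytes, the fixed UTC-5 offset for Central time, and all function names are assumptions made for the illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

MAGIC = b"snoop\x00\x00\x00"          # RFC 1761 identification pattern
FMT = "%Y-%m-%d %H:%M:%S"             # wall-clock format used for the time window

def snoop_time_range(data):
    """Return (first, last) packet timestamps of a snoop file as aware UTC datetimes."""
    if data[:8] != MAGIC or struct.unpack(">I", data[8:12])[0] != 2:
        raise ValueError("not a snoop version 2 file")
    stamps, off = [], 16                # 16-byte file header: magic, version, link type
    while off + 24 <= len(data):
        _orig, incl, rec_len, _drops, sec, usec = struct.unpack(">6I", data[off:off + 24])
        if rec_len < 24 + incl or off + rec_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % off)
        stamps.append(datetime.fromtimestamp(sec, timezone.utc) + timedelta(microseconds=usec))
        off += rec_len                  # record length already includes padding
    if not stamps:
        raise ValueError("no packet records")
    return min(stamps), max(stamps)

def window_overlaps(first, last, start, stop, tz):
    """True if [start, stop], read as wall-clock time in tz, overlaps the capture's span."""
    lo = datetime.strptime(start, FMT).replace(tzinfo=tz)
    hi = datetime.strptime(stop, FMT).replace(tzinfo=tz)
    return lo <= last and hi >= first

def shift_window(stamp, src_tz, dst_tz):
    """Re-express a wall-clock string from the capture host's zone in the analyst's zone."""
    return datetime.strptime(stamp, FMT).replace(tzinfo=src_tz).astimezone(dst_tz).strftime(FMT)

def make_record(sec, payload=b"\x00" * 60):
    """Build one snoop packet record (constructed test data, not a real capture)."""
    pad = -len(payload) % 4
    head = struct.pack(">6I", len(payload), len(payload), 24 + len(payload) + pad, 0, sec, 0)
    return head + payload + b"\x00" * pad

UTC = timezone.utc
CDT = timezone(timedelta(hours=-5))    # assumption: US Central daylight time in April
T0 = int(datetime(2016, 4, 13, 12, 0, 0, tzinfo=UTC).timestamp())
T1 = int(datetime(2016, 4, 13, 14, 0, 0, tzinfo=UTC).timestamp())
SAMPLE = MAGIC + struct.pack(">II", 2, 4) + make_record(T0) + make_record(T1)  # link type 4: Ethernet

if __name__ == "__main__":
    first, last = snoop_time_range(SAMPLE)
    print("capture spans", first, "to", last)
    window = ("2016-04-13 13:00:00", "2016-04-13 13:30:00")   # chosen from the UTC view
    print("read as UTC:", window_overlaps(first, last, *window, UTC))
    print("read as CDT:", window_overlaps(first, last, *window, CDT))
    print("same window in CDT:", [shift_window(w, UTC, CDT) for w in window])
```

A window that falls entirely outside the capture's span in the zone the tool applies yields an output file with no packets, which matches the 1K file described in the question.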