This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am doing some captures of boot-up sequences and I want the timestamps to be relative to the time at which the connected hardware is turned on. I am starting the capture at the same time that I power the hardware on. I have "seconds since beginning of capture" selected for the Time Display Format, but it seems that this actually means time since first packet. As a result, instead of the timestamps being relative to power up, they are relative to the first packet sent to/from the NIC, which is seconds later (significant for my application).

Is there a way to have the timestamp be relative to time at which the capture is actually triggered?

asked 22 Feb '17, 08:20

broadcastgear


Is there a way to have the timestamp be relative to time at which the capture is actually triggered?

No, this isn't currently possible. If absolute time stamps work for you, you could add an absolute timestamp column; otherwise you could try to "seed" the capture file with a packet that you generate and capture immediately after Wireshark is started - that way, the "time since first packet" and "time since capturing started" will essentially be the same, or hopefully close enough for your purposes.


answered 22 Feb '17, 10:48

cmaynard ♦♦

Ok, thanks for the reply! Not a bad idea with the seeded packet in tandem with the capture.

(22 Feb '17, 11:47) broadcastgear

If you decide to "seed" the capture with a packet, then of course you can send whatever you like, but here's a little script I use to send myself little syslog markers in the traces at various stages of capturing (e.g., "About to test feature xyz", "OK, things just failed.", ...) which you might find useful:

#!/bin/sh

# POSIX test syntax is used so the script runs under any /bin/sh
# (the (( )) arithmetic form is a bash extension).
if [ "$#" -lt 1 ]
then
        echo "Usage: $0 message [host]"
        exit 0
fi

if [ "$#" -lt 2 ]
then
        # Send a syslog message $1 to host 1.1.1.1
        echo "${1}" | nc -w 1 -u 1.1.1.1 514
else
        # Send a syslog message $1 to the host $2
        echo "${1}" | nc -w 1 -u "${2}" 514
fi
(22 Feb '17, 11:57) cmaynard ♦♦
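
Following the absolute-timestamp suggestion in the answer above, one way to get offsets relative to the trigger rather than the first packet is to record the epoch time at which the hardware is powered on and subtract it from each packet's absolute timestamp. This is an added example, not code from either poster; it assumes the capture was saved in classic pcap format (not pcapng), and the function names, trigger time and sample packets are constructed for illustration.

```python
import struct

# pcap magic as read little-endian -> (byte order of the file, timestamp units per second)
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian file, microseconds
    0xD4C3B2A1: (">", 1_000_000),      # big-endian file, microseconds
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian file, nanoseconds
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian file, nanoseconds
}

def offsets_from_trigger(pcap_bytes, trigger_epoch):
    """Return each packet's time in seconds relative to trigger_epoch."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, units = MAGICS[magic]
    offsets, pos = [], 24  # packet records start after the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        sec, frac, caplen, _origlen = struct.unpack_from(order + "IIII", pcap_bytes, pos)
        pos += 16
        if pos + caplen > len(pcap_bytes):
            break  # capture was cut off mid-packet; ignore the partial record
        pos += caplen
        # Subtract whole seconds first so the fractional part keeps full precision
        offsets.append(round((sec - trigger_epoch) + frac / units, 9))
    return offsets

def build_sample(order="<", magic=0xA1B2C3D4):
    """Constructed capture: trigger at epoch 1487751600, first packet 3.25 s later."""
    hdr = struct.pack(order + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    pkts = [(1487751603, 250000), (1487751603, 900000), (1487751605, 0)]
    body = b"".join(struct.pack(order + "IIII", s, us, 4, 4) + b"\x00" * 4
                    for s, us in pkts)
    return hdr + body

if __name__ == "__main__":
    for n, off in enumerate(offsets_from_trigger(build_sample(), 1487751600), 1):
        print(f"packet {n}: {off:+.6f} s after trigger")
```

The result is only as accurate as the recorded trigger time, so the capturing host's clock and the moment of power-on need to be noted against the same time source.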

question asked: 22 Feb '17, 08:20

question was seen: 642 times

last updated: 22 Feb '17, 11:57