First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Is it possible to start a capture's timer when the capture button is clicked?

..... and not when the first packet is seen?

I want to be able to time network events from the time a device is powered up (which is when I start the capture file). Currently I can only see timers starting when the first packet is captured.

Waldo W's avatar
1
Waldo W
asked 2019-07-31 08:00:37 +0000
edit flag offensive 0 remove flag close merge delete

Comments

And what timer would this be? Are you referring to the timestamp of the first packet?

grahamb's avatar grahamb (2019-07-31 09:21:06 +0000) edit
more
  • delete

Hi. No Id like the timer to start when I click the capture start button so I can time the delay from a device powering up to when it starts its network activity.

Waldo W's avatar Waldo W (2019-07-31 10:44:41 +0000) edit
more
  • delete

I think you'd need to start capturing on another machine and then generate a packet (ping, for example) while simultaneously powering up the Device Under Test (DUT). Your capture machine should capture the marker packet and that will allow you to have a time reference you can use for all other measurements.

A marker I like to use instead of an ICMP echo request (ping) is a syslog packet generated from nc (a.k.a., netcat). For example:

echo -n "Powering up device now" | nc -w 0 -u 1.1.1.1 514

[Conduct tests.]

echo -n "Test complete" | nc -w 0 -u 1.1.1.1 514
cmaynard's avatar cmaynard (2019-07-31 13:49:50 +0000) edit
more
  • delete

Hi - thanks for responding. I wont be able to ping the capture machine in this case as its connected to a SPAN destination port for the purpose of capturing. I like your suggestion of using marker packets and will certainly make use of them where possible. Thanks again

Waldo W's avatar Waldo W (2019-07-31 15:01:36 +0000) edit
more
  • delete

You should still be able to capture the marker though, right? You don't really care if the switch actually passes the packet or not, only that the capture device connected to the switch records the marker in the capture file, which it should.

cmaynard's avatar cmaynard (2019-07-31 15:14:29 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

1

I think you want the time of the first packet to display the offset from when the capture was started, rather than the current (when "Seconds Since Beginning of Capture" time format is selected) 0.000000.

Unfortunately, I don't think that's currently possible as the capture file format (pcap or pcapng) doesn't record the start time of the capture, only the timestamp of each packet.

It might be possible to add the capture start time to the capture, please raise an enhancement request on the Wireshark Bugzilla.

grahamb's avatar
23.8k
grahamb
answered 2019-07-31 13:33:54 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks for the suggestions - Ill raise an enhancement request as you suggest - Cheers!

Waldo W's avatar Waldo W (2019-07-31 14:59:09 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer