
Is it possible to update the Wireshark reference time with a Windows time update after capturing has started?

While capturing the network, the Windows time was updated with an NTP server. Despite the change of Windows time, the Wireshark reference time could not be updated. So, is it possible to update the Wireshark reference time (arrival time) with the Windows time update after capturing has started?

ali
asked 2021-04-27 10:56:23 +0000

Comments

From "(arrival time)" I assume by "reference time" you don't mean the "time reference" that's set by Edit > Set/Unset Time Reference.

Every packet captured has an arrival time; are you talking about updating the arrival times of packets that have already been captured, or are you talking about making sure all packets captured after the system time was updated have arrival times that reflect the system time change?

Guy Harris (2021-04-28 06:16:00 +0000)

1 Answer


Timestamps are added by the capture:
"Wireshark itself doesn't generate the timestamp so there's nothing Wireshark can do about it."

If using Npcap for capture on Windows, there is an open issue related to time being adjusted by NTP.

Chuckc
answered 2021-04-27 14:35:15 +0000
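
Since the arrival times come from the capture mechanism and are stored in the capture file, what was actually recorded can be checked directly. The following is an added example, not code from this thread or from Wireshark: it reads the per-packet timestamps of a classic pcap file (pcapng is not handled, an assumption made for brevity) and reports frames whose arrival time is earlier than the previous frame's. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic (as stored on disk) -> (struct byte order, units per second)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond timestamps
}

def read_arrival_times(data):
    """Return (units_per_second, [integer arrival time per frame])."""
    order, frac = PCAP_MAGICS[data[:4]]  # KeyError means: not a classic pcap file
    times, offset = [], 24               # per-packet records follow the 24-byte file header
    while offset + 16 <= len(data):
        sec, sub, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, offset)
        times.append(sec * frac + sub)   # integer arithmetic keeps full precision
        offset += 16 + incl_len          # skip record header and captured bytes
    return frac, times

def find_backward_steps(data):
    """Return [(frame_number, delta_seconds)] where time runs backwards."""
    frac, times = read_arrival_times(data)
    return [(i + 2, (cur - prev) / frac)
            for i, (prev, cur) in enumerate(zip(times, times[1:]))
            if cur < prev]

def build_sample():
    """Constructed capture: 4 dummy frames, timestamps step back 2.5 s at frame 3."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    stamps = [(1619520000, 100000), (1619520001, 200000),
              (1619519998, 700000), (1619519999, 0)]
    records = b"".join(struct.pack("<IIII", s, us, 4, 4) + b"\x00" * 4
                       for s, us in stamps)
    return header + records

if __name__ == "__main__":
    for frame, delta in find_backward_steps(build_sample()):
        print(f"frame {frame}: arrival time moved {delta:+.6f} s")
```

A forward adjustment cannot be told apart from an idle gap by this check, so only backward steps are reported.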