First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

time not working - always shows boot time of PC

  • retag add tags

Running Wireshark 4.0.5 on Win 11 a have an issue with time column - It always shows boot-time of PC, instead of the time the packet was captured.

I have tried downloading v.4.0.4 (portable) but the issue is the same. Also tried the different "Time Display Formats", but it just shows the boot-time in different ways.

If I open a command prompt, and execute the "time"-command it shows the actual time

Any idea what could be wrong?

/L

LBee's avatar
1
LBee
asked 2023-04-24 09:30:58 +0000
edit flag offensive 0 remove flag close merge delete

Comments

What version of npcap are you using, this will be shown in the "Running on" section of the Help->About Wireshark dialog.

grahamb's avatar grahamb (2023-04-24 09:59:55 +0000) edit
more
  • delete

Hi Graham

Looks like 1.74

Running on 64-bit Windows (22H2), build 22624, with AMD Ryzen 7 2700 Eight-Core Processor (with SSE4.2), with 65467 MB of physical memory, with GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15.2, with Npcap version 1.74, based on libpcap version 1.10.3, with c-ares 1.18.1, with GnuTLS 3.6.3, with Gcrypt 1.10.1, with nghttp2 1.46.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.5.2, without AirPcap, with light display mode, without HiDPI, with LC_TYPE=English_United Kingdom.utf8, binary plugins supported.
LBee's avatar LBee (2023-04-24 10:04:39 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

OK, like you I have manually installed npcap 1.74 and have the same issue, timestamps in captures are all identical and look to be the PC boot time.

This would be an npcap issue, I have raised it on their GitHub issue tracker, see here.

Edit, fixed npcap issue link,

grahamb's avatar
23.8k
grahamb
answered 2023-04-24 10:16:53 +0000, updated 2023-04-24 10:50:51 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I un-installed wireshark + npcap, an rebooted my PC. Then downloaded, and installed Wireshark (with pcap).

When starting Wireshark it came with a message about I have to disable "promiscuous mode" on the interface. Did that, and now time-column are showing correct values.

I didn't get that message, when I installed the pcap manually - maybe disabling that could have solved the issue in the first place (dont know what "promiscuous mode" is/does).

At least there is a workaround for the issue

Thanks for your help

LBee's avatar LBee (2023-04-24 10:34:39 +0000) edit
more
  • delete

You've probably reverted to an older version of npcap. Wireshark 4.0.5 comes with npcap 1.71 that has the "promiscuous mode" issue, e.g. here.

grahamb's avatar grahamb (2023-04-24 10:54:20 +0000) edit
more
  • delete

@grahamb: Maybe you want to amend the npcap issue, which lists the Npcap version as 1.7.4, while it's 1.74

Jaap's avatar Jaap (2023-04-24 11:08:22 +0000) edit
more
  • delete

You're right of course - I didn't think of that when I installed it.

LBee's avatar LBee (2023-04-24 11:09:37 +0000) edit
more
  • delete

@Jaap, fixed.

grahamb's avatar grahamb (2023-04-24 11:32:13 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer