Wireshark · Wireshark-users: Re: [Wireshark-users] Changing timestamps

Wireshark-users: Re: [Wireshark-users] Changing timestamps

From: Trebor Sreyb <tsreyb@xxxxxxxxx>

Date: Thu, 3 Jan 2008 07:51:50 -0800 (PST)

FWIW - I solved my own problem. editcap is the wrong tool. I found that by using: 1. wireshark file > export and 2. text2pcap with the -t option, I was able to change individual timestamps to suit my needs.

-Bob

----- Original Message ----
From: Trebor Sreyb <tsreyb@xxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Thursday, January 3, 2008 1:38:39 AM
Subject: [Wireshark-users] Changing timestamps

I'm in need of changing the timestamps of the packets in a pcap file.
 editcap has a global approach to this, where a range of packets can be
 applied the same time adjustment. However, I need to have much finer
 grained control.

So, I noticed wireshark will let me save my file as a text format
 called "k12text", which I then was able to modify using a tcl script that
 read the k12text file and rewrote it with new timestamps according to my
 requirements.

For example, my script increments the timestamp from one packet to the
 next by a default of 0.0000001s, with specific overrides for any packet
 of my choosing.

Then - I had hoped - I could read the k12text file into wireshark and
 do a file > save as, to ultimately save it as a pcap file again.

Problem is, it appears that a k12text file cannot be saved as a pcap
 (or most anything else). This was a huge disappointment, as I spent the
 time to write the tcl script and thought all was set. But alas I seem to
 be back at the drawing board.

Is there another approach I might take to accomplish this task?

Ultimately, the file will be imported into a 3rd party capture/replay
 tool, which understands libpcap files only. 

Thanks,
-Bob
 Andover, MA usa

  ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.
  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Prev by Date: Re: [Wireshark-users] Changing timestamps
Next by Date: Re: [Wireshark-users] Changing timestamps
Previous by thread: Re: [Wireshark-users] Changing timestamps
Next by thread: [Wireshark-users] Broken TCP
Index(es):
- Date
- Thread