- Wireshark Revealed:Essential Skills for IT Professionals
- James H Baxter Yoram Orzach Charit Mishra
- 386字
- 2021-07-02 21:22:40
Using time values and summaries
Time format configuration is about how the time column (second from the left on default configuration) will be presented. In some scenarios, there is a significant importance given to this; for example, in TCP connections that you want to see time intervals between packets, when you capture data from several sources and you want to see the exact time of every packet, and so on.
Getting ready
To configure the time format, go to the View menu, and under Time Display Format you will get the following window:
How to do it...
You can chose from the following options:
- Date and Time of Day (the first two options): This will be good to configure when you troubleshoot a network with time-dependent events, for example, when you know about an event that happens at specific times, and you want to look at what happens on the network at the same time.
- Seconds Since Epoch: Time in seconds since January 1, 1970. Epoch is an arbitrary date chosen as a reference time for a system, and January 1, 1970 was chosen for Unix and Unix-like systems.
- Seconds Since Beginning of Capture: The default configuration.
- Seconds Since Previous Captured Packet: This is also a common feature that enables you to see time differences between packets. This can be useful when monitoring time-sensitive traffic (when time differences between packets is important), such as TCP connections, live video streaming, VoIP calls, and so on.
- Seconds Since Previous Displayed Packet: This is a useful feature that can be used when you configure a display filter, and only a selected part of the captured data is presented (for example, a TCP stream). In this case, you will see the time difference between packets that can be important in some applications.
- UTC Date and Time of Day: Provides us with relative UTC time.
The lower part of the submenu provides the format of the time display. Change it only if a more accurate measurement is required.
You can also use Ctrl + Alt + any numbered digit key on the keyboard for the various options.
How it works...
This is quite simple. Wireshark works on the system clock and presents the time as it is in the system. By default you see the time since the beginning of capture.