tcpdump and wireshark: Show timestamp

Question

I run tcpdump on a remote host.
I copy the dump to my linux workstation.
I look at it with wireshark

The customer tells: Please look at the traffic at 8 o'clock.

... I found no way to filter the traffic to a time range.

I think I am missing something.

score 1 · Answer 1 · answered Aug 28 '15 at 17:27

1

to view the time of the capture, go to "View" -> "Time display format" and choose "Date and time of day"

answered Aug 28 '15 at 17:27

mmm

1,070
1
7
15

score 1 · Accepted Answer · answered Aug 29 '15 at 07:40

1

You can use a display filter to filter on time range.
For example:
(frame.time >= "Mar 18, 2015 20:38:04.705104000") && (frame.time <= "Mar 18, 2015 20:38:06.415883000")

Useful link:
WiresharK Wiki

answered Aug 29 '15 at 07:40

1

Thank you very much! ISO date formats are supported, too: `frame.time > "2015-09-03 20:38:04"` – guettli Sep 03 '15 at 12:28

tcpdump and wireshark: Show timestamp

2 Answers2