0

I just installed Wireshark on two machines in order to track down "lost" webservice-calls: one instance on the machine running the WS, the other on the machine which calls the WS. What I'm missing is useful timestamp - per default, Whireshark is displaying a random date (2023-5-02 - no idea why). I used every available time-value from the Edit-list, but none was helpful. Is there a way to display the real timestamp? I just found a 9-year-old thread here which says, that Wireshark itself cannot determine the timestamp - hopefully that changed in the meantime...?

TIA, Buzzy

buzzyheb
  • 1
  • Wireshark uses the system time of the capture machine for timestamping. Have you checked that the clock is set properly on the capture machine? If you're capturing on multiple machines, then you should be sure they all have the time set as accurately as possible, perhaps via NTP, especially if you intend to compare timestamps between them. – Christopher Maynard Jun 20 '23 at 19:43
  • Hi, the system's time is up-to-date. The funny thing is that when e.g. "UTC date" is displayed, there is only one timestamp used for ALL packages (which is in my case 2023-05-02 11:55:36,464794). I'm using NPCAP 1.74 - maybe this is the reason for it? Regards, Buzzy – buzzyheb Jun 21 '23 at 04:57
  • Npcap 1.75 is available, but I doubt that's the problem. You may want to ask your question over at https://ask.wireshark.org/questions/ or visit the Wireshark Discord Server (linked in the sidebar) and ask there. – Christopher Maynard Jun 21 '23 at 14:49
  • I'll give it a try, thanks :-) – buzzyheb Jun 22 '23 at 06:10
  • 1
    Solution: NPCAP V1.75 https://ask.wireshark.org/question/31828/timestamps-not-working/ – buzzyheb Jun 22 '23 at 09:30

0 Answers0