如何在 Wireshark 中查看绝对时间戳？

Question 1

（摘自评论）

pcap 文件（来自 tcpdump或者wireshark 或据我所知使用 libpcap 的其他任何东西）已经具有绝对时间；只有Wireshark 显示你需要调整。

在View菜单中单击Time Display Format并选择其中一个Time of Day选项。

Answer

（摘自评论）

pcap 文件（来自 tcpdump或者wireshark 或据我所知使用 libpcap 的其他任何东西）已经具有绝对时间；只有Wireshark 显示你需要调整。

在View菜单中单击Time Display Format并选择其中一个Time of Day选项。

Question 2

tcpdump 有自己的时间戳选项。

-t
    Don't print a timestamp on each dump line. 
-tt
    Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line. 
-ttt
    Print a delta (micro-second resolution) between current and previous line on each dump line. 
-tttt
    Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line. 
-ttttt
    Print a delta (micro-second resolution) between current and first line on each dump line.

您可以在 tcpdump 上找到更多信息手册页。

Answer

tcpdump 有自己的时间戳选项。

-t
    Don't print a timestamp on each dump line. 
-tt
    Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line. 
-ttt
    Print a delta (micro-second resolution) between current and previous line on each dump line. 
-tttt
    Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line. 
-ttttt
    Print a delta (micro-second resolution) between current and first line on each dump line.

您可以在 tcpdump 上找到更多信息手册页。

如何在 Wireshark 中查看绝对时间戳？

答案1

答案2

相关内容