Ethereal-users: Re: [Ethereal-users] Anybody know how to use editcap to modify the timestamps of
Yes, I do, by RTFM ;)
blok@for-gods-sake ~
$ tethereal -ta -r tmp.cap
1 00:21:52.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
2 00:21:52.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
3 00:21:52.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
4 00:21:52.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
5 00:21:52.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
6 00:21:52.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
7 00:21:52.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
8 00:21:52.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
9 00:21:52.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128
blok@for-gods-sake ~
$ editcap -t 10 tmp.cap tmp2.cap
blok@for-gods-sake ~
$ tethereal -ta -r tmp2.cap
1 00:22:02.341298 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [SYN] Seq=1893157956 Len=0 MSS=1460 TSV=73450120 TSER=0 WS=0
2 00:22:02.378721 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [SYN, ACK] Seq=2108860794 Ack=1893157957 Win=57344 Len=0 MSS=1460 WS=0 TSV=115486344 TSER=73450120
3 00:22:02.379572 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893157957 Ack=2108860795 Win=1460 Len=0 TSV=73450124 TSER=115486344
4 00:22:02.380014 213.206.125.35 -> 147.229.3.16 HTTP GET /daily.cvd HTTP/1.1[Packet size limited during capture]
5 00:22:02.425102 147.229.3.16 -> 213.206.125.35 HTTP HTTP/1.1 206 Partial Content[Packet size limited during capture]
6 00:22:02.425166 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [FIN, ACK] Seq=2108861618 Ack=1893158100 Win=57920 Len=0 TSV=115486348 TSER=73450124
7 00:22:02.426846 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [ACK] Seq=1893158100 Ack=2108861618 Win=7407 Len=0 TSV=73450128 TSER=115486348
8 00:22:02.426918 213.206.125.35 -> 147.229.3.16 TCP 13372 > http [FIN, ACK] Seq=1893158100 Ack=2108861619 Win=7407 Len=0 TSV=73450128 TSER=115486348
9 00:22:02.464643 147.229.3.16 -> 213.206.125.35 TCP http > 13372 [ACK] Seq=2108861619 Ack=1893158101 Win=57920 Len=0 TSV=115486352 TSER=73450128
blok@for-gods-sake ~
$
As you can see "editcap -t 10 tmp.cap tmp2.cap" increased all timestamps
by 10 seconds.
Hope this helps, Cheers, Sake