How can I change the time stamps in my Wireshark capture files to match the time stamps in the log files?

By default, Wireshark displays all time stamps as seconds elapsed since the beginning of the capture. CDRouter uses the time of day (in hh:mm:ss format) for all time stamps. Because the two time scales are different, it is difficult to match specific events in the log file to the packet details in the capture file(s). This is easily fixed by changing the default time display format in Wireshark.

Modifying the time display format in Wireshark

  • Open Wireshark

  • Select the View menu

  • Select Time Display Format

  • Select Time of Day

Once you have modified the time display format in Wireshark, the time stamps in the log files and capture files should line up.
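The capture file itself stores an absolute epoch time stamp for every packet, and the two display formats are only different renderings of it. The following Python script is an added example, not part of the original FAQ or of Wireshark or CDRouter: it reads a classic pcap file (not pcapng) and returns both renderings per packet. The sample capture bytes are constructed, and the `tz` argument is an assumption (UTC here; pass the time zone the log files were written in).

```python
import struct
from datetime import datetime, timezone

# Classic pcap magic bytes -> (struct byte order, fractional units per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def build_sample_pcap():
    """Constructed sample capture: three 4-byte packets, microsecond resolution."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    base = 1700000000  # constructed epoch value: 22:13:20 UTC
    stamps = [(base, 250000), (base + 1, 500000), (base + 75, 0)]
    return header + b"".join(
        struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4 for sec, usec in stamps)

def read_timestamps(data):
    """Return each packet's time stamp as integer nanoseconds since the epoch."""
    if data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, units = MAGICS[data[:4]]
    offset, stamps = 24, []  # 24-byte global header precedes the packet records
    while offset + 16 <= len(data):
        sec, frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        stamps.append(sec * 10**9 + frac * (10**9 // units))
        offset += 16 + incl_len  # skip the record header and the packet bytes
    return stamps

def display_rows(data, tz=timezone.utc):
    """Pair 'seconds since beginning of capture' with 'time of day' per packet."""
    stamps = read_timestamps(data)
    rows = []
    for ns in stamps:
        delta = ns - stamps[0]
        relative = "%d.%06d" % (delta // 10**9, delta % 10**9 // 1000)
        clock = datetime.fromtimestamp(ns // 10**9, tz).strftime("%H:%M:%S")
        rows.append((relative, "%s.%06d" % (clock, ns % 10**9 // 1000)))
    return rows

if __name__ == "__main__":
    for relative, time_of_day in display_rows(build_sample_pcap()):
        print(f"{relative:>12}  {time_of_day}")
```

The second column is the value to search for in an hh:mm:ss log; if it is off by whole hours, the `tz` passed in does not match the zone the log was written in.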