如何在 Wireshark 中查看絕對時間戳？

有一個pcap打開的文件範例wireshark

第二列是時間。是否可以在這裡看到絕對時間戳而不是相對時間戳？

（來自評論）

pcap 文件（來自 tcpdump或wireshark 或 AFAIK 任何其他使用 libpcap 的文件）已經有絕對時間；它只是您需要調整的Wireshark 顯示。

在View菜單中點擊Time Display Format並選擇其中一個Time of Day選項。

tcpdump 有自己的時間戳選項。

-t
   Don't print a timestamp on each dump line. 
-tt
   Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line. 
-ttt
   Print a delta (micro-second resolution) between current and previous line on each dump line. 
-tttt
   Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line. 
-ttttt
   Print a delta (micro-second resolution) between current and first line on each dump line. 

您可以在 tcpdump 手冊頁中找到更多資訊。

引用自：https://serverfault.com/questions/772736