In your analysis, you may have a group of packets where you want to see exactly how long the delay was within those packets. In Wireshark, you can set a time reference on the packet where you think the trouble began and watch the time values to see gaps in the transmission. Wireshark provides a variety of ways to set a time reference and then offers ways to navigate through the time references:

• Set/Unset Time Reference: This is a selection that allows you to set/unset a time reference.
• Unset All Time References: This will unset all time references.
• Next Time Reference: Once a reference is set, this allows you to navigate to the next time reference.
• Previous Time Reference: Once a reference is set, this allows you to navigate to the previous time reference.

• Time Shift: This is an option you can use when you need to adjust the time reference. For example, if you are examining two captures that each used a different file format—that is, one file used NTP (short for Network Time Protocol) and the other file used PTP (short for Precision Timing Protocol)—you may want to do a time shift. If you select this option, it will launch a dialog box where you can set your values, as shown here:

The last option shows where you can undo all shifts if you get unexpected results.

Now that we understand how we can reference or shift time in Wireshark, let's take a look at ways to personalize your work area.