Wireshark doesn’t come with a pre-made option for Unix Epoch timestamps, but setting up a custom format is straightforward:

• Open Wireshark, then navigate to the top menu: View → Time Display Format → Custom...
• In the "Custom time format" input box, pick one of these strings based on your needs:
  • %s for an integer Unix timestamp (seconds since epoch, no decimal part)
  • %s.%6f for a full Unix timestamp with microsecond precision (e.g., 1718000000.123456)
• Click OK, and your packet list’s time column will immediately switch to showing Unix Epoch timestamps.

You can use the frame.time_epoch field in Wireshark’s display filter to target packets with exact or range-based timestamps. This field represents Unix Epoch time in seconds (with decimal values for sub-second precision). Here are practical examples:

• Filter packets with an exact timestamp:

  frame.time_epoch == 1718000000.123456
  

• Filter packets after a specific time:

  frame.time_epoch > 1718000000
  

• Filter packets within a time window:

  frame.time_epoch >= 1718000000 && frame.time_epoch <= 1718000100
  

• Filter packets before a certain time:

  frame.time_epoch < 1718000200
  

Just type these into the display filter bar at the top of Wireshark and hit Enter to apply the filter.

内容的提问来源于stack exchange，提问作者crazy stone