ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: [Ethereal-dev] patch to fix time display in sniffer pro capture files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Patrick Wolfe <pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 1 May 2001 13:49:03 -0500 (CDT)
I was comparing delta packet times between the same capture
file displayed by ethereal 0.8.17 and Network Associates
Sniffer Distributed Pro V4.0.08, and found a consistant
discrepency.  The attached patch to wiretap/netxray.c
corrects the problem.

I assume the old value for timeunit exists for a reason.
Perhaps some older version of netxray created files using
it.  The current Network Associates product uses the value
1000000.0, though.

--

Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Sr WAN Engineer, National Platforms Team, Cingular Wireless


I was comparing delta packet times between ethereal 0.8.17 and my
Network Associates Sniffer Distributed Pro V4.0.08, and found a
consistant discrepency.  This simple patch corrects the problem.

I assume the old value for timeunit exists for a reason.  Perhaps
some older version of netxray created files using it.  The
current Network Associates product uses the value 1000000.0,
though.  I will be glad to supply a capture file and text decode
from the Network Associates sniffer, to anyone who wants it.

Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx, patrick.j.wolfe@xxxxxxxxxxxx)
Sr WAN Engineer, National Platforms Team, Cingular Wireless


*** netxray.c.orig	Fri Mar 23 17:16:29 2001
--- netxray.c		Tue May  1 13:32:55 2001
***************
*** 167,173 ****
  		file_type = WTAP_FILE_NETXRAY_1_1;
  	} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0
  	    || memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
! 		timeunit = 1193180.0;
  		version_major = 2;
  		file_type = WTAP_FILE_NETXRAY_2_00x;
  	} else {
--- 167,182 ----
  		file_type = WTAP_FILE_NETXRAY_1_1;
  	} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0
  	    || memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
! 		/*
! 		 * I don't know where the previous value (1193180.0) came from,
! 		 * but capture files created by our Network Associates Sniffer
! 		 * Distributed Pro V4.0.08 do not display packet times
! 		 * correctly in Ethereal unless timeunit = 1000000.0
! 		 *
! 		 * Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
! 		 */
! 		/*timeunit = 1193180.0; */
! 		timeunit = 1000000.0;
  		version_major = 2;
  		file_type = WTAP_FILE_NETXRAY_2_00x;
  	} else {
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube