ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4256] Timestamp negative offset

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 9 Dec 2009 09:38:34 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4256

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |guy@xxxxxxxxxxxx

--- Comment #7 from Guy Harris <guy@xxxxxxxxxxxx> 2009-12-09 09:38:33 PST ---
Do you see the same thing if you capture traffic with WinDump:

    http://www.winpcap.org/windump/install/default.htm

If you run it without "-w", it'll print the time stamps of the packets.  If you
run it with "-w", it'll write out packets in libpcap format, which is also
Wireshark's format, so Wireshark can read the file.

If the same thing happens with WinDump - which I suspect it will - the problem
is a WinPcap issue (as I suspect it is), and the WinPcap developers might be
able to tell you whether the time stamps WinPcap supplies to applications using
it (such as WinDump and Wireshark's dumpcap) can go backwards when running in a
VM.  See

    http://www.winpcap.org/contact.htm

and

    http://www.winpcap.org/bugs.htm

for information on reporting bugs in WinPcap.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube