Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: Re: [Wireshark-dev] Working with pcap

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Rob MacKenzie" <rmackenzie@xxxxxxx>
Date: Thu, 5 Jun 2008 14:19:23 -0400

http://wiki.wireshark.org/Development/LibpcapFileFormat

That's a description of the format.  If you want to analyze timestamps,
it is trivial to do so with the packet times inside the packet header.
I wrote a python app to do precisely that a while back.

Like Guy Harris said, the Pcap file is very standardized and outside
Wireshark's control.  This is more of a question relating to
libpcap/winpcap or at least Wireshark-users.

Good luck with your development,

Rob MacKenzie
Advanced Connectivity Developer

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: June 5, 2008 12:34 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Working with pcap

Nicholas Marra wrote:
> I'm attempting to use pcap to compare time intervals. I need to know
how
> Wireshark implements pcap. Is there any good info out there?

What do you mean by "implements pcap"?  All libpcap/WinPcap do is let
you capture packets; determining the interval between packets (which I
presume are the time intervals you're comparing) is something the
application using libpcap/WinPcap will have to do itself.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
  • References:
    • [Wireshark-dev] Working with pcap
      • From: Nicholas Marra
    • Re: [Wireshark-dev] Working with pcap
      • From: Guy Harris
  • Prev by Date: [Wireshark-dev] Build Failure.Please help!!
  • Next by Date: Re: [Wireshark-dev] Build Failure.Please help!!
  • Previous by thread: Re: [Wireshark-dev] Working with pcap
  • Next by thread: [Wireshark-dev] dynamic dissector
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation