Wireshark-users: Re: [Wireshark-users] Differing Timestamps Between Netasyst & Wireshark

From: "Bill Meier" <wmeier@xxxxxxxxxxx>
Date: Mon, 07 Aug 2006 14:03:58 -0400

> 
> I have a trace taken on a machine running the Network General sniffer 
> Netasyst. If I then open the trace in Netasyst on my laptop the timestamps 
> match that of some Cisco Call Manager QRT logs. If I then open the same trace 
> in Wireshark, the timestamps are wildly inaccurate.
> 
> I know there was some problems with Sniffer timestamps before, but I thought 
> this was a difference of around 6 seconds or so and was fixed.
> 
> In this case the first packet in the trace opened in Netasyst shows it as 
> 31/07/2006 at 14:10:38, whilst the same packet in Wireshark is 31/07/2006 at 
> 22:16:45:500826.

If you can supply a short capture file (5-10 frames) along with the correct 
times as shown in Netasyst for at least the first several packets, I can do 
the analysis to determine if a different 'timeunit' is required for this type 
of capture.

(It would be most helpful if you can include in the times those with the most 
precision: usually the 'delta' timestams which is the time between packets),

Feel free to send the capture to my personal EMail if you prefer.

(My apologies if this shows up twice: I may have misaddressed the first 
reply).

Bill Meier