Wireshark · Ethereal-dev: Re: [Ethereal-dev] Sniffer .cap packet times are still incorrect.

Ethereal-dev: Re: [Ethereal-dev] Sniffer .cap packet times are still incorrect.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 18 Mar 2004 23:42:14 -0800

On Wed, Mar 10, 2004 at 10:13:49AM -0700, Greg Morris wrote:
> The attached captures are the same but one in lanalyzer format (.tr1)
> the other in sniffer format (.cap). The duration of the trace is
> 15:28:51 as you can see when viewing the tr1 file. But the cap file
> reports about half of that. 
> 
> Is there someone working on the wiretap libraries that could resolve
> this issue?

People have worked on it at various times - with no success.  It's not
obvious what, in the file (or packet?) header, indicates what units a
time unit value of 2 means; see the comment in "wiretap/netxray.c"
before the definition of the "TpS" array.

See:

	mail to ethereal-dev from September 17, 2002 with the subject
	"Display time issue";

	mail to ethereal-dev from Ian Schorr, Jason House, and me from
	February and March 2003;

	mail to ethereal-dev and ethereal-users from Bill Meier, Robert
	Long, Ian Schorr, and me from June and July of 2003.

References:
- [Ethereal-dev] Sniffer .cap packet times are still incorrect.
  - From: Greg Morris

Prev by Date: Re: [Ethereal-dev] "Expand Tree" item in context menu
Next by Date: Re: [Ethereal-dev] New dissector code and patches: GSM A/TCAP/GSM SS/GSM MAP
Previous by thread: Re: [Ethereal-dev] Sniffer .cap packet times are still incorrect.
Next by thread: [Ethereal-dev] Display filter working
Index(es):
- Date
- Thread