
Ethereal-dev: Re: [Ethereal-dev] Bug-Report: wiretap, timestamps and timezone

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Rolf Fiedler" <Rolf.Fiedler@xxxxxxxxxxxxxx>
Date: Mon, 19 Apr 2004 16:15:18 +0200
>> Greenwich time, since daylight saving time is in effect. But ethereal
>> does not care about "proper" timezone handling. This is a serious problem
>> for my application. I can reproduce the bug in both Windows and Linux.
>> My timestamps are GMT and my local machines are two hours off due to
>> daylight saving, but ethereal is only considering the 1 hour that I live east
>> of Greenwich.
>
>I can't duplicate that. Version 0.10.3 shows the correct time, on Linux
>at least. I just captured a few packets, and 'tcpdump -tttt -r' showed
>UTC timestamps, as it should, and Ethereal showed the correct local time
>(CEST, 2 hours ahead of UTC).
>-- 
>Regards,
>
>Marco.

I am also using version 0.10.3, BUT...
I am not using the libpcap wiretap module but the toshiba trace format
module. So maybe the bug is in this module. It is parsing the strings
containing the timestamp to hr, min, sec and csec and then:

        if (wth) {
                wth->phdr.ts.tv_sec = hr * 3600 + min * 60 + sec;
                wth->phdr.ts.tv_usec = csec * 10000;
                wth->phdr.caplen = pkt_len;
                wth->phdr.len = pkt_len;
        }

So this will always be in 1970. Maybe in 1970 there was no daylight saving
time in effect for Central Europe???? Maybe it should do a gettimeofday,
get the current day's 00:00 and then add the tv_sec above as an offset??
I mean it will always be tricky if you do not know the day the trace was generated,
but the toshiba format is sub-optimal in this respect. Also if the trace runs for more
than a day it jumps back in time. But I've got complaints for the thing being an
hour off. If anybody has a better idea how to handle it, please tell me. I am willing
to improve that (fixing is not possible due to the limitations of the file format).
How about getting the date from the file's timestamp?

Thanks for the replies, they were very helpful in narrowing it down. I think I will
just stop using the toshiba trace format, now that the EyeSDN format is in the
CVS.

Best regards,
Rolf
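
Added example, not part of the original message and not wiretap code: one way to anchor time-of-day-only records to a real date and keep them monotonic across midnight, as discussed above. The names tod_clock, tod_clock_init and tod_clock_stamp are hypothetical; it assumes the trace times are UTC and that the caller supplies a reference time on the day of the first record (a file's mtime is the time of the last write, so it may name a later day).

```c
#include <stdio.h>
#include <time.h>

#define SECS_PER_DAY 86400L

/* Hypothetical reader state (not a wiretap structure). */
struct tod_clock {
    time_t day_start; /* 00:00:00 UTC of the day currently being read */
    long   last_cs;   /* previous record's time of day in centiseconds, -1 = none */
};

/* Anchor the clock to the UTC day containing ref (assumed: day of first record). */
static int tod_clock_init(struct tod_clock *c, time_t ref)
{
    if (ref < 0)
        return -1;
    c->day_start = ref - (ref % SECS_PER_DAY);
    c->last_cs = -1;
    return 0;
}

/* Convert one hh:mm:ss.cc record to absolute seconds and microseconds.
 * Returns 0 on success, -1 if a field is out of range (state and outputs untouched). */
static int tod_clock_stamp(struct tod_clock *c, unsigned hr, unsigned min,
                           unsigned sec, unsigned csec,
                           time_t *out_sec, long *out_usec)
{
    long tod, cs;

    if (hr > 23 || min > 59 || sec > 59 || csec > 99)
        return -1;
    tod = (long)hr * 3600 + (long)min * 60 + (long)sec;
    cs = tod * 100 + (long)csec;
    if (c->last_cs >= 0 && cs < c->last_cs)
        c->day_start += SECS_PER_DAY; /* time went backwards: crossed midnight */
    c->last_cs = cs;
    *out_sec = c->day_start + tod;
    *out_usec = (long)csec * 10000;
    return 0;
}

int main(void)
{
    struct tod_clock c;
    time_t s = 0;
    long us = 0;
    tod_clock_init(&c, (time_t)1082384118); /* constructed: 2004-04-19 14:15:18 UTC */
    if (tod_clock_stamp(&c, 23, 59, 58, 50, &s, &us) == 0)
        printf("%ld.%06ld\n", (long)s, us);
    return 0;
}
```

Because the resulting seconds fall on the real capture day, a display layer that converts to local time applies that day's daylight saving rule instead of the one for 1970.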
