Ethereal-dev: [Ethereal-dev] Understanding different time representations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Edward Mazurek <emazurek@xxxxxxxxx>
Date: Fri, 04 Jun 2004 14:18:28 -0400
Hi,

I've written a special trace file formatter that runs against
both Sniffer(TRSNIFF) and Ethereal(XCP) type files and I'm
having a little problem with the time calculations. In some
of the XCP files it looks like the absolute time calculation
needs to include dividing by 3.57967377666. In others of the
XCP files I don't need to do this because the time is already
in microseconds. Does anyone know what exactly in the header
I can look for to determine if I need to do that extra divide?

file: d:\cases\e667165\bad.cap - I don't need to divide. Here's
a hexdump of the header portion:

000000  58 43 50 00 30 30 32 2E  30 30 32 00 0D 60 30 40     XCP.002.002..`0@
000010  BB 8B 00 00 F9 51 12 01  80 00 00 00 F9 51 12 01     »‹..ùQ..€...ùQ..
000020  00 00 00 00 00 00 00 00  F9 51 12 01 00 00 00 00     ........ùQ......
000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000040  00 00 00 00 00 00 00 00  14 00 04 00 99 9E 36 00     ............™ž6.
000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000080  72 16 01 00 00 00 00 00  68 00 68 00 00 00 00 00     r.......h.h.....
000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
0000A0  00 00 00 00 00 00 00 00  02 00 88 C4 4E 60 00 04     ..........ˆÄN`..
0000B0  27 AA F0 C2 08 00 45 40  00 5A 3B F4 00 00 FD 11     'ªðÂ..E@.Z;ô..ý.

file: D:\cases\e667165\04082004\AAMITrigger010wpn.cap - I do need to divide.
Here's the hexdump of the header:

000000  58 43 50 00 30 30 32 2E  30 30 32 00 55 50 73 40     XCP.002.002.UPs@
000010  ED 4F 01 00 E9 FE 7F 02  80 00 00 00 E9 FE 7F 02     íO..éþ..€...éþ..
000020  4F E4 7B 02 00 00 00 00  E9 FE 7F 02 00 00 00 00     Oä{.....éþ......
000030  02 00 00 00 E1 F6 FF 27  8F 00 00 00 00 E1 F5 05     ....áöÿ'.....áõ.
000040  00 00 00 00 00 00 00 00  14 00 04 00 99 9E 36 00     ............™ž6.
000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
000070  00 00 00 00 00 00 00 00  00 00 00 00 01 01 F6 FF     ..............öÿ
000080  7D 80 87 35 D8 00 00 00  A4 05 A4 05 00 00 00 00     }€‡5Ø...¤.¤.....
000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00     ................
0000A0  00 00 00 00 00 00 00 00  00 04 27 AA F0 C2 02 00     ..........'ªðÂ..
0000B0  88 C4 4E 60 08 00 45 40  05 96 89 77 00 00 40 11     ˆÄN`..E@.–‰w..@.


Thanks,

Ed