Michael Tuexen wrote:
On Jul 27, 2005, at 16:12 Uhr, Ulf Lamping wrote:
Hi List!
I currently ran into a problem to get captured data into Ethereal
with 1ns timestamps from a special capture hardware.
The libpcap format has a minimum timestamp resolution of 1us:
guint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp microseconds */
I could save the data with ns resolution in the us timestamp part
(guint32 would be large enough to handle this) and tweak the display
(e.g. using a preference), but this would be very ugly as it would
require to switch this pref all the time when working with both formats.
Another solution would be to implement the PCAPng format mentioned
some time before on this list. Using this format one can keep the
timestamp resolution inside the capture file.
Any other (possibly more simple) ideas? Probably using an already
existing format which supports this ns timestamps just today? > Hi Ulf,
just implement your own format. It is not difficult to do at all...
Dumas Hwang of Navtel Communications asked for, and got, a magic number
for a format that includes nanosecond time stamps; in his
tcpdump-workers mail, he mentioned updating Ethereal to handle this, but
I don't know what the status of that work is.
Dumas, is that new format being used? If so, is there any difference
between it and the regular format other than the time stamp being
seconds/nanoseconds rather than seconds/microseconds (e.g., extra fields
in the file header or the per-packet header, or non-standard DLT_ values
that collide with assigned DLT_ values)? Ulf might want to use that
format as well.
