Wireshark · Ethereal-users: [Ethereal-users] how to understand the capture time!

Ethereal-users: [Ethereal-users] how to understand the capture time!

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Huang Qian <huangq@xxxxxxxxxxxxxxxxxxxxxxxxxx>

Date: Thu, 13 Jun 2002 17:32:41 +0800

Hi, Dear All,

The webpages about pcap says that the "pcap_pkthdr" structure contains the information about when the packet was sniffed, that is:
   struct pcap_pkthdr{
                       struct timeval ts;
                       bpf_u_int32 caplen;
                       bpf_u_int32 len;
                     } 
I wonder whether the "ts" is just the time when the pcap captured the packet? Whether Ethereal use this data for the time when a packet was captured?

Ethereal display the captured packets like:
Frame 1
      Arrival time: Jun 13, 2002 12:00:00.1234546789
 　   ...

How Ethereal gets this arrival time? from the pcap_pkthdr mentioned upper? the datum "123456789" come directly from the "tv_usec" part in the timeval strcuture?

Any suggestion or asistance is highly appreciated!
Thanks in advance!

 				
Best Regards!

Qian Huang
Intern Student 
Bell Labs Research China

Email:huangq@xxxxxxxxxxxxxxxxxxxxxxxxxx
http://blrc.edu.cn

Follow-Ups:
- Re: [Ethereal-users] how to understand the capture time!
  - From: Guy Harris

Prev by Date: AW: [Ethereal-users] Ethereal 0.9.4 on NT4 : no submenus
Next by Date: Re: [Ethereal-users] how to understand the capture time!
Previous by thread: AW: [Ethereal-users] Ethereal 0.9.4 on NT4 : no submenus
Next by thread: Re: [Ethereal-users] how to understand the capture time!
Index(es):
- Date
- Thread