On Sat, Apr 12, 2003 at 11:43:04AM +0100, Martin Regner wrote:
> I have had some problems getting the "-t" option to work with text2pcap.
> I have tried several times and in some different ways but I always get
> "Jan 1, 1970 01:00:00.000000" for every packet.
That sounds like the UNIX epoch or, at least, one hour from the UNIX
epoch (the UNIX epoch in the Western European time zone?).
> The text2pcap program
> is from Ethereal 0.9.11 distribution, but I have tried this with some
> earlier version also. I have been experimenting with this on a Windows
> 98 (4.10.1998, Swedish) and always got this result.
>
> However now I noticed that it is working on my Windows 2000 PC (English
> edition). On that PC I get the correct timestamps.
>
> Is there anyone that has any hints of what may cause this problem?
Perhaps the Windows 98 version of "mktime()" is failing? Or perhaps
the "strptime()" we supply is screwing up on Windows 98?
> I could probably make a modified text2pcap version that adds some extra
> debug printouts e.g. in parse_preamble() routine to get some more
> details.
Check to see what happens after the "strptime()" call in
"parse_preamble()" - print out the members of the "timecode" structure,
to make sure the day/month/year/hour/minute/second values are set
appropriately (for example, for "22/11/2001 20:03:24.4375", that's
timecode.tm_sec: 24
timecode.tm_min: 3
timecode.tm_hour: 20
timecode.tm_mday: 22
timecode.tm_mon: 10
timecode.tm_year: 101 (2001-1900)
If they are, make sure that the return value from "strptime()" is
non-null, and that the result of "mktime()" isn't 0 or -1.
