Wireshark · Ethereal-users: Re: [Ethereal-users] mergecap screwing up timestamps

Ethereal-users: Re: [Ethereal-users] mergecap screwing up timestamps

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 14 Dec 2004 01:31:56 -0800

Edward Mazurek wrote:

I have mergecap 0.10.4. I think it's the latest as I just downloaded it.

The latest is 0.10.7; some platforms might not have the latest versionin binary form, so the one available for those platforms might be older,e.g. 0.10.4.


You might want to try 0.10.7, if you can.

Anyone out there using mergecap to merge together trace files?

I'm trying to merge together some trace files and it's screwing
up the timestamps in the output file.

For example:

- In the output file the timestamps start @ 3:30AM then at around
frame 350 the timestamps go to 2:19:05AM. The are supposed to be
in chronological order.

- Also, all of the records timestamps are not the same in the output
file vs. what they were in the input file. I'm using the current
ethereal to view both the input and output(merged) file.

What file formats are the input files? Read the file into Ethereal,select "Summary" from the "Statistics" file, and report what it says for"Format:".

I assume you didn't specify a "-F" flag, so the output file was inlibpcap format.

References:
- [Ethereal-users] mergecap screwing up timestamps
  - From: Edward Mazurek

Prev by Date: Re: [Ethereal-users] Opening an Ethereal file
Next by Date: Re: [Ethereal-users] Error when trying to run 'make'
Previous by thread: [Ethereal-users] mergecap screwing up timestamps
Next by thread: [Ethereal-users] Re: mergecap screwing up timestamps
Index(es):
- Date
- Thread