Comment # 13
on bug 10190
from Guy Harris
I've checked into the trunk and 1.12 branches changes to, in files with a
version number of 2.3 or greater, handle the UTC time stamp in the trailer.
This should make the time stamp handling of Wireshark the same as the time
stamp handling of Network Monitor 3.4 (modulo NetMon perhaps not converting
time stamps in pre-2.3 files to UTC and then back to local time, but just
directly displaying them as local time).
It does *not* work with the attached file, however, just as that file doesn't
show the right time stamps in NetMon 3.4. Fixing that requires that somebody
at Microsoft resolve the issues with the files Message Analyzer writes, whether
by having it write out a version number of 2.3 (which doesn't handle old files)
or by answering the questions I asked (tl;dr version - if I treat 2.x files
with a non-zero value for the field in the ExtendedInfoOffset location in the
file header as having trailers for packets, with a UTC time stamp value,
regardless of the value of "x", should I also treat them as having a MAC type
and process info table index?).
You are receiving this mail because:
- You are watching all bug changes.
