On Thu, Jan 17, 2008 at 04:31:46PM -0800, Gianluca Varenni wrote:
> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
> it sort of worked.
> - timestamps are wrong. There are two problems here:
> 1. the IDB option for the timestamp precision is not decoded, and I was
> generating timestamps with nanosecond precision.
> 2. timestamps are not in the libpcap fashion (seconds and microseconds, or
> seconds and nanoseconds). It's a single 64bit quantity that is split into
> high and low 32bits.
Thanks for the feedback. Is it possible for you to place at least one
NTAR generated trace on the Wiki page for pcapg support
(http://wiki.wireshark.org/Development/PcapNg) with information about
the trace such as the correct timestamps and anything else that is being
read wrong currently?
Thanks,
Steve
