Wireshark-dev: Re: [Wireshark-dev] pcap-ng support

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Thu, 17 Jan 2008 17:45:04 -0800

----- Original Message -----
From: "Stephen Fisher" <stephentfisher@xxxxxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Thursday, January 17, 2008 4:52 PM
Subject: Re: [Wireshark-dev] pcap-ng support


On Thu, Jan 17, 2008 at 04:31:46PM -0800, Gianluca Varenni wrote:

FYI today I tried opening a pcap-ng file with Wireshark rev 24118, and
it sort of worked.

- timestamps are wrong. There are two problems here:
  1. the IDB option for the timestamp precision is not decoded, and I was
     generating timestamps with nanosecond precision.
  2. timestamps are not in the libpcap fashion (seconds and microseconds, or
     seconds and nanoseconds). It's a single 64-bit quantity that is split into
     high and low 32 bits.

Thanks for the feedback.  Is it possible for you to place at least one
NTAR generated trace on the Wiki page for pcap-ng support
(http://wiki.wireshark.org/Development/PcapNg) with information about
the trace such as the correct timestamps and anything else that is being
read wrong currently?

Done. There's a file called icmp.ntar containing 8 ICMP messages, and a small screenshot of a tool that is able to read pcap-ng files correctly.

Have a nice day
GV




Thanks,
 Steve
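
The two timestamp problems reported in this thread, shown as an added example that is not part of the original messages or of Wireshark's code: it reads the IDB timestamp-resolution option and rebuilds the 64-bit tick count from its high and low halves. It assumes the option layout of the current pcapng specification (`if_tsresol`, option code 9, default 10^-6 seconds); the function names and sample bytes are constructed for illustration.

```python
import struct
from fractions import Fraction

IF_TSRESOL = 9       # IDB option code carrying the timestamp resolution
OPT_ENDOFOPT = 0     # terminates an options area
DEFAULT_TSRESOL = 6  # 10^-6 s (microseconds) when the option is absent

def parse_tsresol(options: bytes, endian: str = "<") -> Fraction:
    """Walk an IDB options area (code, length, value padded to 32 bits)
    and return the length of one timestamp unit in seconds."""
    raw, off = DEFAULT_TSRESOL, 0
    while off + 4 <= len(options):
        code, length = struct.unpack_from(endian + "HH", options, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        if off + length > len(options):
            raise ValueError("truncated option value")
        if code == IF_TSRESOL:
            if length != 1:
                raise ValueError("if_tsresol must be exactly one byte")
            raw = options[off]
        off += (length + 3) & ~3          # skip value plus padding
    # MSB clear: negative power of 10; MSB set: negative power of 2
    base = 2 if raw & 0x80 else 10
    return Fraction(1, base ** (raw & 0x7F))

def decode_timestamp(ts_high: int, ts_low: int, unit: Fraction):
    """Join the two 32-bit halves into one tick count since the Unix
    epoch and scale it by the interface resolution -> (secs, nanos)."""
    ticks = (ts_high << 32) | ts_low
    total = ticks * unit
    secs = total.numerator // total.denominator
    nanos = int((total - secs) * 10**9)
    return secs, nanos

# Constructed sample: an interface declaring nanosecond resolution and
# one packet stamped 1200620704.123456789 s after the epoch.
SAMPLE_OPTIONS = struct.pack("<HHB3x", IF_TSRESOL, 1, 9) + struct.pack("<HH", 0, 0)
SAMPLE_TICKS = 1200620704 * 10**9 + 123456789
SAMPLE_HIGH, SAMPLE_LOW = SAMPLE_TICKS >> 32, SAMPLE_TICKS & 0xFFFFFFFF

if __name__ == "__main__":
    unit = parse_tsresol(SAMPLE_OPTIONS)
    print("decoded with IDB option:", decode_timestamp(SAMPLE_HIGH, SAMPLE_LOW, unit))
    # Ignoring the option falls back to microseconds and lands far in the future.
    print("decoded with default   :", decode_timestamp(SAMPLE_HIGH, SAMPLE_LOW, parse_tsresol(b"")))
```

Reading the high word as libpcap-style seconds gives an unrelated value as well, because the split is a bit split of one counter rather than a seconds/fraction pair.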
