Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] pcap-ng support

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Sat, 16 Feb 2008 01:10:58 -0700
On Thu, Jan 17, 2008 at 04:31:46PM -0800, Gianluca Varenni wrote:

> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and 
> it sort of worked.

> What doesn't work:

> - timestamps are wrong. There are two problems here:
>  1. the IDB option for the timestamp precision is not decoded, and I 
> was generating timestamps with nanosecond precision.
>  2. timestamps are not in the libpcap fashion (seconds and 
> microseconds, or seconds and nanoseconds). It's a single 64bit 
> quantity that is split into high and low 32bits.

This has been fixed in SVN revision 24349.  I can now read icmp2.ntar 
from the Wiki and get the sample timestamps that appear in the graphic.  
Wireshark also writes the correct timestamps.  Would you mind verifying 
with your other tool that can read pcapng files that the Wireshark 
timestamps are done correctly?


Thanks,
  Steve