http://wiki.wireshark.org/Development/LibpcapFileFormat
That's a description of the format. If you want to analyze timestamps,
it is trivial to do so with the packet times inside the packet header.
I wrote a python app to do precisely that a while back.
Like Guy Harris said, the Pcap file is very standardized and outside
Wireshark's control. This is more of a question relating to
libpcap/winpcap or at least Wireshark-users.
Good luck with your development,
Rob MacKenzie
Advanced Connectivity Developer
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: June 5, 2008 12:34 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Working with pcap
Nicholas Marra wrote:
> I'm attempting to use pcap to compare time intervals. I need to know
how
> Wireshark implements pcap. Is there any good info out there?
What do you mean by "implements pcap"? All libpcap/WinPcap do is let
you capture packets; determining the interval between packets (which I
presume are the time intervals you're comparing) is something the
application using libpcap/WinPcap will have to do itself.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
