Thanks Guy, I'll let you know if I work anything out here.
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Friday, 4 December 2015 10:18 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?
On Dec 3, 2015, at 3:12 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Dec 3, 2015, at 2:53 PM, Richard Kinder <rkinder@xxxxxxxxxxxxx> wrote:
>
>> From what I can see, peektagged has no TSF timestamp
>
> The "Peek tagged" format (to use WildPackets^WSavvius's name for it) *does* support TSF time stamps;
Sorry, my mistake. What we currently parse are tags for the upper and lower 32 bits of "the time when the packet arrived", not any tags for the TSF time stamp. 0x000C and 0x000D *might* be a TSF time stamp, but, without a capture where *Peek identifies something as the TSF time stamp and gets the values from those two tags, we don't know that for sure.
If you can identify any of the unknown tag values (at least some of which we're pretty sure we know, but others are mysteries), that would be nice.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
This email, including its contents and any attachment(s), may contain confidential information of Quantenna Communications, Inc. and is solely for the intended recipient(s). If you may have received this in error, please contact the sender and permanently delete this email, its contents and any attachment(s).
