Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Clearly, someone thought no one should be using CommView aft

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 18 Apr 2021 22:45:30 -0700
On Apr 18, 2021, at 10:18 PM, Eugène Adell <eugene.adell@xxxxxxxxx> wrote:

> probably the guy writing this considered the "Epochalypse" problem.

Or wanted *some* test to help rule out files that are probably not ConnView NCF files (there is no file header, so there's no file magic number, and there's no packet magic number, either, so you can't just test that to check whether the file is an NCF file or not), and went with "make sure year is < 2038 because the 32-bit signed time epoch issue makes it an "obvious" choice.

It'd might still be useful to have *some* value there, to keep the heuristic reasonably strong, but maybe we should pick a bigger number.  (If, as per Richard's comment on my merge request:

	https://gitlab.com/wireshark/wireshark/-/merge_requests/2762#note_554424206

Tamosoft may be considering switching to pcapng, if they do, perhaps we could use the year in which they do so plus 100, or something such as that.)