Thanks. Yes, I know this header format, but stil do not understand this. Like in example aaa.pcap which is available here: http://wiki.wireshark.org/SampleCaptures#head-6f6128a524888c86ee322aa7cbf0d7b7a8fdf353 . If I open it in hex edit and look for time i see this:
... 24 02 C9 42 90 CE 0C 00... for first packet. That does not show the time from 1 of January 1970. The second part (90 CE 0C 00) does not show miliseconds. Try and see that this is not time. Dont know why. Help if anyone know.
Thanks and regards
________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Ulf Lamping
Sent: pon 19.2.2007 13:03
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Time in .pcap file
>
>
> I do not know how to get time from .pcap file. If open any pcap file with hex editor I think that first 24 B is a pcap header, then is 16 B where first 8 B is time. Is that true??? If that is true I do not know, how to understand and get time from this 8 B. I have tried several pcap files but I can not to get time from B i mentioned. Can someone help me?
>
See http://wiki.wireshark.org/Development/LibpcapFileFormat
Regards, ULFL
______________________________________________________________________
XXL-Speicher, PC-Virenschutz, Spartarife & mehr: Nur im WEB.DE Club!
Jetzt gratis testen! http://freemail.web.de/home/landingpad/?mc=021130
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
<<winmail.dat>>
