24 02 C9 42 90 CE 0C 00
C9 42 90 CE
reverse byte order
42 C9 CE 90
That looks like a timestamp.
On Mon, 19 Feb 2007 13:37:51 +0100, "Goran Štrok"
<goran.strok@xxxxxxxxx> said:
> Thanks. Yes, I know this header format, but stil do not understand this.
> Like in example aaa.pcap which is available here:
> http://wiki.wireshark.org/SampleCaptures#head-6f6128a524888c86ee322aa7cbf0d7b7a8fdf353
> . If I open it in hex edit and look for time i see this:
> ... 24 02 C9 42 90 CE 0C 00... for first packet. That does not show the
> time from 1 of January 1970. The second part (90 CE 0C 00) does not show
> miliseconds. Try and see that this is not time. Dont know why. Help if
> anyone know.
> Thanks and regards
>
> ________________________________
>
> From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Ulf Lamping
> Sent: pon 19.2.2007 13:03
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Time in .pcap file
>
>
>
> >
> >
> > I do not know how to get time from .pcap file. If open any pcap file with hex editor I think that first 24 B is a pcap header, then is 16 B where first 8 B is time. Is that true??? If that is true I do not know, how to understand and get time from this 8 B. I have tried several pcap files but I can not to get time from B i mentioned. Can someone help me?
> >
> See http://wiki.wireshark.org/Development/LibpcapFileFormat
>
> Regards, ULFL
>
> ______________________________________________________________________
> XXL-Speicher, PC-Virenschutz, Spartarife & mehr: Nur im WEB.DE Club!
> Jetzt gratis testen! http://freemail.web.de/home/landingpad/?mc=021130
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
--
Hans Nilsson
hasse_gg@xxxxxxxx
--
http://www.fastmail.fm - Send your email first class
