Wireshark-users: Re: [Wireshark-users] Time in .pcap file
From: Goran Štrok <[email protected]>
Date: Mon, 19 Feb 2007 15:16:06 +0100
Thanks a lot. This is what I need.
 

________________________________

From: [email protected] on behalf of Hans Nilsson
Sent: Mon 19.2.2007 14:57
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Time in .pcap file



24 02 C9 42 90 CE 0C 00

C9 42 90 CE
reverse byte order
42 C9 CE 90

That looks like a timestamp.

On Mon, 19 Feb 2007 13:37:51 +0100, "Goran Štrok"
<[email protected]> said:
> Thanks. Yes, I know this header format, but still do not understand this.
> Like in example aaa.pcap which is available here:
> http://wiki.wireshark.org/SampleCaptures#head-6f6128a524888c86ee322aa7cbf0d7b7a8fdf353
> . If I open it in hex edit and look for time I see this:
> ... 24 02 C9 42 90 CE 0C 00... for first packet. That does not show the
> time from 1 of January 1970. The second part (90 CE 0C 00) does not show
> milliseconds. Try and see that this is not time. Don't know why. Help if
> anyone knows.
> Thanks and regards
>
> ________________________________
>
> From: [email protected] on behalf of Ulf Lamping
> Sent: Mon 19.2.2007 13:03
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Time in .pcap file
>
>
>
> >
> >
> > I do not know how to get the time from a .pcap file. If I open any pcap file with a hex editor, I think that the first 24 B is a pcap header, then there are 16 B where the first 8 B is the time. Is that true??? If that is true, I do not know how to understand and get the time from these 8 B. I have tried several pcap files but I cannot get the time from the bytes I mentioned. Can someone help me?
> >
> See http://wiki.wireshark.org/Development/LibpcapFileFormat
>
> Regards, ULFL
>
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
--
  Hans Nilsson
  [email protected]
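
Added example, not part of any message in this thread: a minimal reader for the classic libpcap layout referenced above (24-byte global header, then a 16-byte record header per packet) that takes the byte order from the magic number and decodes the seconds and sub-second fields. The sample image is constructed; only its eight timestamp bytes are the ones quoted in the thread.

```python
import struct
from datetime import datetime, timezone

# Magic number as it appears on disk -> (struct byte order, sub-second units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian writer, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian writer, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian writer, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian writer, nanoseconds
}

def packet_times(data):
    """Return [(ts_sec, ts_frac, units_per_sec), ...] for each record in a pcap image."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, units = MAGICS[data[:4]]
    times, off = [], 24  # records start right after the 24-byte global header
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, off)
        if ts_frac >= units:
            raise ValueError(f"sub-second field out of range at offset {off}")
        if incl_len > len(data) - off - 16:
            raise ValueError(f"record at offset {off} runs past end of file")
        times.append((ts_sec, ts_frac, units))
        off += 16 + incl_len
    return times

def format_utc(ts_sec, ts_frac, units):
    """Render seconds since 1970-01-01 UTC plus the sub-second field."""
    digits = len(str(units)) - 1  # 6 for microseconds, 9 for nanoseconds
    stamp = datetime.fromtimestamp(ts_sec, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return f"{stamp}.{ts_frac:0{digits}d} UTC"

# Constructed sample: global header, then one record whose first eight bytes are
# the ones quoted in the thread (24 02 C9 42 90 CE 0C 00), then a 4-byte dummy payload.
SAMPLE = (
    bytes.fromhex("d4c3b2a1 0200 0400 00000000 00000000 ffff0000 01000000")
    + bytes.fromhex("2402c942 90ce0c00")
    + struct.pack("<II", 4, 4)
    + b"\x00" * 4
)

if __name__ == "__main__":
    for t in packet_times(SAMPLE):
        print(t, format_utc(*t))
```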
