On Mar 23, 2010, at 4:09 PM, Jaap Keuter wrote:
> Maybe file creation time can help you here.
...if you're running on an OS that supports a creation time (Windows, some but not all UN*Xes) and the file is on a file system that supports it. (Wireshark currently doesn't attempt to get the creation time on any UN*X, and I don't think it does so on Windows, either.)
> What does pcap-ng has to offer in this respect?
The Interface Statistics Block has capture start time and capture end time options; that block appears to be intended to appear at the *end* of the capture, so if you're running a one-pass program, you can't display packet time stamps as "seconds since the capture started".
If there was a capture start time option for the Interface Description Block, that would be possible.
