----- Original Message ----- From: "Stephen Fisher" <[EMAIL PROTECTED]> To: "Developer support list for Wireshark" <[email protected]> Sent: Thursday, January 17, 2008 4:52 PM Subject: Re: [Wireshark-dev] pcap-ng support
> On Thu, Jan 17, 2008 at 04:31:46PM -0800, Gianluca Varenni wrote: > >> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and >> it sort of worked. > >> - timestamps are wrong. There are two problems here: >> 1. the IDB option for the timestamp precision is not decoded, and I was >> generating timestamps with nanosecond precision. >> 2. timestamps are not in the libpcap fashion (seconds and microseconds, >> or >> seconds and nanoseconds). It's a single 64bit quantity that is split into >> high and low 32bits. > > Thanks for the feedback. Is it possible for you to place at least one > NTAR generated trace on the Wiki page for pcapg support > (http://wiki.wireshark.org/Development/PcapNg) with information about > the trace such as the correct timestamps and anything else that is being > read wrong currently? Done. There's a file called icmp.ntar containing 8 ICMP messages, and a small screenshot of a tool that is able to read pcap-ng files correctly. Have a nice day GV > > > Thanks, > Steve > > _______________________________________________ > Wireshark-dev mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
