On Fri, Feb 26, 2021 at 9:10 AM Raj sekar <mrajse...@gmail.com> wrote: > > Hi Everyone! > > Need a help. Is there any library or method to get large pcap file's( offline > ) last timestamp. > > I know capinfos can get this. But i want faster than capinfos. > > Any suggestion?
Because each captured frame can be a different length, normally you would have to skip all the preceding frames to get the timestamp of the last record. However, a heuristic approach might be to read the header to get the capture-length, and then read that much from the end of the file and look for an appropriate record header ... On the other hand, I am unaware of any code that does that. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
