Ethereal-dev: Re: [Ethereal-dev] RE: [Ethereal-users] ethereal v0.8.14.1 and 0.8.14 on NT4SP5

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Sat, 16 Dec 2000 18:21:25 -0800 (PST)
> At 10:27 AM 12/17/00 +1000, Michael Hennessy wrote:
> OK, it seems to me that NT uses a different date/time format, which is
> neither the UTIME format or DOS_DATE and DOS_TIME format, as I have
> modified Ethereal to dissect the date/time in both formats for an NT
> capture, and both are incorrect, it seems ...

Network Monitor thinks the time field in the "get attributes" reply is 4
bytes long; unless the four bytes after the 0x00 0x21 0x7c 0x86 are part
of an 8-byte value of type TIME (for which read FILETIME), it's not in
the NT format I mentioned (10ths of microseconds since an epochal date
back in 1601).

It's probably treating the time as an *unsigned* number of seconds since
January 1, 1970, 00:00:00.0, hence it's past 2038 (2041) rather than
before 1970 (1905).