I was comparing delta packet times between the same capture
file displayed by ethereal 0.8.17 and Network Associates
Sniffer Distributed Pro V4.0.08, and found a consistant
discrepency. The attached patch to wiretap/netxray.c
corrects the problem.
I assume the old value for timeunit exists for a reason.
Perhaps some older version of netxray created files using
it. The current Network Associates product uses the value
1000000.0, though.
--
Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Sr WAN Engineer, National Platforms Team, Cingular Wireless
I was comparing delta packet times between ethereal 0.8.17 and my
Network Associates Sniffer Distributed Pro V4.0.08, and found a
consistant discrepency. This simple patch corrects the problem.
I assume the old value for timeunit exists for a reason. Perhaps
some older version of netxray created files using it. The
current Network Associates product uses the value 1000000.0,
though. I will be glad to supply a capture file and text decode
from the Network Associates sniffer, to anyone who wants it.
Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx, patrick.j.wolfe@xxxxxxxxxxxx)
Sr WAN Engineer, National Platforms Team, Cingular Wireless
*** netxray.c.orig Fri Mar 23 17:16:29 2001
--- netxray.c Tue May 1 13:32:55 2001
***************
*** 167,173 ****
file_type = WTAP_FILE_NETXRAY_1_1;
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0
|| memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
! timeunit = 1193180.0;
version_major = 2;
file_type = WTAP_FILE_NETXRAY_2_00x;
} else {
--- 167,182 ----
file_type = WTAP_FILE_NETXRAY_1_1;
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0
|| memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
! /*
! * I don't know where the previous value (1193180.0) came from,
! * but capture files created by our Network Associates Sniffer
! * Distributed Pro V4.0.08 do not display packet times
! * correctly in Ethereal unless timeunit = 1000000.0
! *
! * Patrick Wolfe (pjw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
! */
! /*timeunit = 1193180.0; */
! timeunit = 1000000.0;
version_major = 2;
file_type = WTAP_FILE_NETXRAY_2_00x;
} else {