On Dec 2, 2003, at 12:37 PM, Guy Harris wrote:
It seems that only AiroPeek moved to this new file format, so that is
why I called it airopeek9. (I downloaded the latest demo version of
Etherpeek and the samples that came with this version are still
version
7 files). Does anyone know if EtherPeek also uses V9 files?
What about EtherPeek NX? (The new file format's MediaType value
matches what appears in AiroPeek captures, so perhaps it's currently
only used for AiroPeek - maybe they wanted to add a bunch of
additional information, and decided to go with a new format.)
It appears that *some* version of EtherPeek does; I've seen an Ethernet
capture using the new format, and have checked in changes to handle
that.
There is still one problem with this version: the time stamp is NOT
correct. It is still about 31 years in the future. The time difference
between packets is OK. Has anybody a suggestion what could be the
magic
with the time stamps in these files?
Perhaps the time stamps in V9 files aren't relative to the Mac OS OT
(the non-UNIX Mac OS) time origin, given that it's a new file format
and that it's not a Mac application?
The Ethernet captures in V9 format came from a Mac.
But the time stamps look as if they're relative to the Windows FILETIME
epoch, namely midnight, January 1, 1601. I've checked in changes to
handle that; they appear to work, although there *might* be time zone
issues.