Ethereal-dev: [Ethereal-dev] Understanding different time representations
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Hi,
I've written a special trace file formatter that runs against
both Sniffer(TRSNIFF) and Ethereal(XCP) type files and I'm
having a little problem with the time calculations. In some
of the XCP files it looks like the absolute time calculation
needs to include dividing by 3.57967377666. In others of the
XCP files I don't need to do this because the time is already
in microseconds. Does anyone know what exactly in the header
I can look for to determine if I need to do that extra divide?
file: d:\cases\e667165\bad.cap - I don't need to divide. Here's
a hexdump of the header portion:
000000 58 43 50 00 30 30 32 2E 30 30 32 00 0D 60 30 40  XCP.002.002..`0@
000010 BB 8B 00 00 F9 51 12 01 80 00 00 00 F9 51 12 01  »‹..ùQ..€...ùQ..
000020 00 00 00 00 00 00 00 00 F9 51 12 01 00 00 00 00  ........ùQ......
000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000040 00 00 00 00 00 00 00 00 14 00 04 00 99 9E 36 00  ............™ž6.
000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000080 72 16 01 00 00 00 00 00 68 00 68 00 00 00 00 00  r.......h.h.....
000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000A0 00 00 00 00 00 00 00 00 02 00 88 C4 4E 60 00 04  ..........ˆÄN`..
0000B0 27 AA F0 C2 08 00 45 40 00 5A 3B F4 00 00 FD 11  'ªðÂ..E@.Z;ô..ý.
file: D:\cases\e667165\04082004\AAMITrigger010wpn.cap - I do need to
divide.
Here's the hexdump of the header:
000000 58 43 50 00 30 30 32 2E 30 30 32 00 55 50 73 40  XCP.002.002.UPs@
000010 ED 4F 01 00 E9 FE 7F 02 80 00 00 00 E9 FE 7F 02  íO..éþ..€...éþ..
000020 4F E4 7B 02 00 00 00 00 E9 FE 7F 02 00 00 00 00  Oä{.....éþ......
000030 02 00 00 00 E1 F6 FF 27 8F 00 00 00 00 E1 F5 05  ....áöÿ'.....áõ.
000040 00 00 00 00 00 00 00 00 14 00 04 00 99 9E 36 00  ............™ž6.
000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000070 00 00 00 00 00 00 00 00 00 00 00 00 01 01 F6 FF  ..............öÿ
000080 7D 80 87 35 D8 00 00 00 A4 05 A4 05 00 00 00 00  }€‡5Ø...¤.¤.....
000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000A0 00 00 00 00 00 00 00 00 00 04 27 AA F0 C2 02 00  ..........'ªðÂ..
0000B0 88 C4 4E 60 08 00 45 40 05 96 89 77 00 00 40 11  ˆÄN`..E@.–‰w..@.
Thanks,
Ed