Ethereal-dev: Re: [Ethereal-dev] Understanding different time representations
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Thanks Guy!
I appreciate the pointer. My tool is working now.
Ed
Guy Harris wrote:
Edward Mazurek said:
I've written a special trace file formatter that runs against
both Sniffer(TRSNIFF) and Ethereal(XCP)
You misspelled "Windows Sniffer" :-)
I.e., those files aren't Ethereal files, they're files from the Windows
version of Sniffer (and from its precessor, NetXRay from Cinco Networks).
type files and I'm
having a little problem with the time calculations. In some
of the XCP files it looks like the absolute time calculation
needs to include dividing by 3.57967377666. In other of the
XCP files I don't need to do this because the time is already
in microseconds. Does anyone know what exactly in the header
I can look for to determine if I need to do that extra divide?
See Ethereal's code for reading those files, in "wiretap/netxray.c" (and
note that it's not one field in the header, the code's a bit more
complicated than that), but be aware that Ethereal's code is not perfect -
there are some files where we still haven't figured out what to use to
determine what the units of the time stamp are. If you figure it out, let
us know....
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
|