Ethereal-dev: Re: [Ethereal-dev] Support for distributed sniffer format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 13 Apr 2006 01:13:44 +0200

On Mon, Apr 10, 2006 at 08:19:10PM -0500, Bill Meier wrote:
> > ...
> > capinfos: Can't open F5Cal25eu001etl.cap: File contains record data we don't support
> > (netxray: Unknown timeunit 2 for Ethernet/ETH_CAPTYPE_GIGPOD2 version 002.002 capture)
> ...
> If at all possible, please supply a short sample capture file and a file 
> showing the dates/times of the frames in the capture as shown on the sniffer.

I have taken a look at the trace myself and calculated the TpS to be
20000000.0 for this particular trace. If I also discard the start_timestamp
like it has been done for other versions of the netxray format, then
I get the proper results.

On another trace, taken with Sniffer Portable, I see that the TpS is
off by a factor of 3. In the source I see the following:

 * XXX - the third item is 1193180.0, presumably because somebody found
 * it gave the right answer for some captures, but 3 times that, i.e.
 * 3579540.0, appears to give the right answer for some other captures.
 * Some captures have realtick of 1193182, some have 3579545, and some
 * have 1193000.  Most of those, in one set of captures somebody has,
 * are wrong.

For my trace the 3579540.0 would be the correct value.
Is it ok for me to include value 3579540.0 in the patch I'm 
about to make? Or would that result in a flip-flopping value?

Might these timeunit indexes be different for different major/minor 
versions of this file-format? Does anyone have any ideas on that (Bill?)?
That leaves me with my initial question: did anyone try to get the
specs of the file-format from Network General?


Cheers,   Sake
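
An added example, not part of the original message or of Ethereal's source: one way to derive a ticks-per-second figure like those discussed above from a reference listing of frame times, the kind of listing Bill Meier asks for. The tick counts, displayed times and function names are constructed for illustration, and no netxray header fields are parsed.

```c
#include <stdio.h>
#include <stddef.h>

/* Ticks-per-second (TpS) values quoted in the message above. */
static const double candidates[] = { 1193180.0, 3579540.0, 20000000.0 };

/* Constructed sample: raw tick counts of four frames and the times (in
 * seconds) a sniffer is assumed to display for them. The ticks start at
 * an arbitrary offset, like a start timestamp that is not trusted. */
static const double sample_ticks[] = { 123456789.0, 124351674.0, 127036329.0, 132405639.0 };
static const double sample_secs[]  = { 0.000, 0.250, 1.000, 2.500 };

/* Least-squares slope of ticks against seconds. Only differences from the
 * means are used, so a constant start offset does not affect the result. */
double estimate_tps(const double *ticks, const double *secs, size_t n)
{
    double mt = 0.0, ms = 0.0, num = 0.0, den = 0.0;
    size_t i;

    if (n < 2)
        return 0.0;                      /* need at least two frames */
    for (i = 0; i < n; i++) { mt += ticks[i]; ms += secs[i]; }
    mt /= (double)n;
    ms /= (double)n;
    for (i = 0; i < n; i++) {
        num += (secs[i] - ms) * (ticks[i] - mt);
        den += (secs[i] - ms) * (secs[i] - ms);
    }
    return den > 0.0 ? num / den : 0.0;  /* 0.0: all times identical */
}

/* The quoted candidate within rel_tol (e.g. 0.001) of tps, or 0.0 if none. */
double match_candidate(double tps, double rel_tol)
{
    size_t i;
    for (i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        double diff = tps - candidates[i];
        if (diff < 0.0) diff = -diff;
        if (diff <= rel_tol * candidates[i])
            return candidates[i];
    }
    return 0.0;
}

int main(void)
{
    double tps = estimate_tps(sample_ticks, sample_secs, 4);
    printf("estimated TpS %.1f, matches candidate %.1f\n", tps, match_candidate(tps, 0.001));
    return 0;
}
```

A result of 0.0 from `match_candidate` means the capture fits none of the values quoted here and needs its own entry rather than a change to an existing one.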