Wireshark · Ethereal-dev: Re: [Ethereal-dev] Support for distributed sniffer format

Ethereal-dev: Re: [Ethereal-dev] Support for distributed sniffer format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sake Blok <sake@xxxxxxxxxx>

Date: Fri, 14 Apr 2006 20:53:57 +0200

On Thu, Apr 13, 2006 at 07:59:26AM -0500, Bill Meier wrote:
> > 
> > > Can you provide the capture so I can compare it to other captures to see 
> > > whether the versions are different or whether something else is different ?
> > 
> > Unfortunately this file contains unencrypted Internet banking data. Is it
> > OK if I sent you only the file-header (first 128 bytes)?
> > 
> 
> The first 128 bytes would be just fine (since you've already indicated the 
> correct TpS value).

Bill,

I truncated both tracefiles and included the .png's showing the
output of Distributed Sniffer and Sniffer Portable. The files
starting with cal25 are from the Distributed Sniffer (for which
I made the patch). The ones starting with hyp11 are from the
Sniffer Portable for which the TpS value should be trippled.

I hope they help you (and/or others) in finding a pattern to 
be able to determine the correct timestamps for all types of
Network General sniffer files.

Cheers,   Sake

Attachment: sniffer-examples.tgz
Description: application/tar-gz

References:
- Re: [Ethereal-dev] Support for distributed sniffer format
  - From: Bill Meier
- Re: [Ethereal-dev] Support for distributed sniffer format
  - From: Bill Meier

Prev by Date: Re: [Ethereal-dev] buildbot failure in Solaris-8-SPARC
Next by Date: Re: [Ethereal-dev] buildbot failure in Solaris-8-SPARC
Previous by thread: Re: [Ethereal-dev] Support for distributed sniffer format
Next by thread: [Ethereal-dev] packet-tcp.h should include emem.h
Index(es):
- Date
- Thread