Ethereal-users: RE: [ethereal-users] Problem with Absolute Date Function, plus advice on a Thr

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 18 Jul 2000 19:07:07 +0100
Hello Guy,

> On Tue, Jul 18, 2000 at 01:46:01AM +0100, Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx wrote:
> > I took three traces simultaneously of my PC pinging another box. One using
> > NetMon. One using Optimal Application Expert, and one remotely using a 3Com
> > Superstack RMON2 Probe.
> 
> ...neither of which are Network {General,Associates} Sniffers.
>

The capture application for the RMON2 Probe was 3Com's Lansentry Capture and
Decode applications (v3.0).

> It would be interesting to hand "OAE.trc" and "3com.trc" to a Sniffer
> and see what time stamps it reports for those files.

I copied the OAE.trc and 3Com.trc onto a clunky old version (4.52) of
Network General sniffer. NG agrees with Ethereal on the absolute time for
both OAE.trc and 3Com.trc. 

I took a trace using the NG sniffer. Ethereal and OAE can read this file
fine but NetMon cannot. Exporting this trace back out of OAE to a new .trc
file creates a file with the same problems as OAE.trc and 3Com.trc. 

Looking further I have discovered that NetMon is telling lies. A trace taken
in Feb this year extracted from OAE is reported by NetMon as being run
today. So I presume it backwardly computes the absolute time from the
time-stamp on the file. Hence I take back what I said about NetMon being
able to deduce the time from within the trace file. 

Now I'm beginning to think that there are two different .trc file syntaxes.
One with the real timestamp from nice applications like NG sniffer, and ones
without from OAE and 3Com. 

For your further analysis I have attached a trace taken today from the
Network General NetGen.trc plus a trace of the OAE exported version of the same
data. Note that NetMon correctly reads the date from NetGen2.trc file but
reports the time in GMT rather than BST.
 <<NETGEN2.trc>>  <<NETGEN.TRC>> 

Alistair
> --------------------------------------------------------------------
> Alistair McGlinchy,         alistair.mcglinchy@xxxxxxxxxxxxxxxxxxxxx
> Sizing and Performance, Central IT  ext. 5012, ph +44 0 20-7268-5012
> Marks and Spencer (Stockley Park)              fx +44 0 20-7268-5721
> 1SW, 3 Longwalk Rd, Stockley Park, Uxbridge UB11 1AW, United Kingdom
> 
> 
> From:	Guy Harris [SMTP:gharris@xxxxxxxxxxxx]
> 
> 

Attachment: NETGEN2.trc
Description: Binary data

Attachment: NETGEN.TRC
Description: Binary data