Ethereal-users: [Ethereal-users] Capture conversions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Robert McConnell <rmcconne@xxxxxxxxxxxxx>
Date: Sun, 23 Feb 2003 09:40:24 -0500
Good morning,

I have been using a product called NetProbe from NetPlus to capture network traffic in a QA environment. This is an MSDOS package, and for several reasons remains a good choice for monitoring and capturing network traffic. However, NetProbe is weak on the analysis end and NetPlus seems to have disappeared, at least from the Internet.

I am looking at converting the NetProbe trace files into the raw tcpdump format so that I can import them into Ethereal. Looking at the files themselves, they contain a binary copy of each packet with a 20 byte header containing the packet length, snapshot length and an MS-DOS time stamp (milliseconds since 1/1/80). So I think the conversion will be rather simple to do in either Perl or C.

Has anyone built this wheel? Or does anyone have a snippet of code that will convert MS-DOS time stamps into Unix time? This is the one piece I don't have worked out.

Thank you,

Bob McConnell
N2SPP
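
The timestamp conversion asked about above, as an added example in C (not part of the original message and not Ethereal code). The post does not give the field layout of the NetProbe header, so the values are taken as already-parsed inputs; treating the DOS clock as local time with a caller-supplied UTC offset is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* 1970-01-01 to 1980-01-01 is 3652 days (leap days in 1972 and 1976). */
#define DOS_EPOCH_OFFSET 315532800LL

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Milliseconds since 1980-01-01 (local clock) -> Unix seconds/microseconds.
 * utc_offset_sec is the capture host's offset east of UTC (assumption: the
 * DOS clock ran on local time). Returns -1 if the result does not fit the
 * unsigned 32-bit seconds field of a pcap record. */
int dos_ms_to_unix(uint64_t dos_ms, long utc_offset_sec,
                   uint32_t *sec, uint32_t *usec)
{
    int64_t s = (int64_t)(dos_ms / 1000) + DOS_EPOCH_OFFSET - utc_offset_sec;
    if (s < 0 || s > (int64_t)UINT32_MAX)
        return -1;
    *sec = (uint32_t)s;
    *usec = (uint32_t)(dos_ms % 1000) * 1000u;
    return 0;
}

/* Build the 16-byte little-endian pcap record header; rejects records whose
 * captured length exceeds the original length (corrupt or misparsed input). */
int pcap_record_header(uint8_t out[16], uint64_t dos_ms, long utc_offset_sec,
                       uint32_t caplen, uint32_t origlen)
{
    uint32_t sec, usec;
    if (caplen > origlen || dos_ms_to_unix(dos_ms, utc_offset_sec, &sec, &usec))
        return -1;
    put_le32(out, sec);
    put_le32(out + 4, usec);
    put_le32(out + 8, caplen);
    put_le32(out + 12, origlen);
    return 0;
}

int main(void)
{
    uint8_t h[16];
    /* Constructed sample: 2003-02-23 09:40:24.250 local time, UTC-5. */
    if (pcap_record_header(h, 730460424250ULL, -18000, 60, 60) == 0)
        for (int i = 0; i < 16; i++) printf("%02x%s", h[i], i == 15 ? "\n" : " ");
    return 0;
}
```

Each record header is followed by the captured packet bytes, and the output file starts with the 24-byte pcap global header, which is not shown here.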