On Wednesday, July 2, 2003, at 1:36 PM, Robert Long wrote:
I am using a Network Associates Sniffer with software Distributed Pro
Version 4.20.033. I am using Ethereal version 0.9.13.
The timestamps are displayed as follows:
On Sniffer software 7/1/03 2:06:23 PM
On Ethereal 7/1/03 13:58:24.-311130
I tried using editcap -F ngwsniffer_2_0 sniffer_file.cap
sniffer_file.pcap
and it changed the time shown in Ethereal to 7/1/03 10:43:53.-357631
Is there any way to convert the timestamps?
The only way to do that would be to:
find out why, in that particular capture, the time stamps are coming
out wrong;
fix it in such a way as not to break the interpretation of any *other*
Sniffer files.
At least part of the problem appears to be that there is not a simple
and correct way to determine the time stamp units in a Windows Sniffer
capture (in fact, there are reports that, in at least one case, a
Sniffer capture didn't have the right time stamps when read by
*Sniffer* on an machine other than the one on which the capture was
done; if so, then if even Network Associates can't get it right, the
chances that Ethereal can always get it right aren't very good).
We'd have to see the capture file in order to do anything about the
problem.