Hello,
I've recently experienced a problem that I found interesting. I'm
Ethereal 0.10.0 to capture packets and EtherPeek NX 2.0.0 to analyze them
(quick, easy, management/vendor friendly reports) to diagnose some
problems we've been having with one of our application servers. The
packets were captured in libpcap (tcpdump) format using tethereal on the
server, copied to a management workstation, and then imported into
EtherPeek.
Using libpcap format, the absolute time in the Ethereal capture was
correct, but when viewed using EtherPeek, it showed up as exactly 1 hour
in the future (standard vs. daylight savings?). However, when I saved the
capture file, using Ethereal, as Network Associates Sniffer (DOS-based)
and imported into EtherPeek the times were displayed correctly.
Captures done using EtherPeek display the correct times in both EtherPeek
and Ethereal.
Thoughts? Do I just need to convert everything to Sniffer before using
EtherPeek or did I stumble upon something in Ethereal?
Thanks,
Chris