Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal time format anomaly with libpcap file format

Ethereal-users: Re: [Ethereal-users] Ethereal time format anomaly with libpcap file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 29 Dec 2003 12:03:05 -0800

On Mon, Dec 29, 2003 at 02:49:42PM -0500, Chris_Friedline@xxxxxxxxxxxxxxx wrote:
> This implies that there is full support for tcpdump format in EtherPeek. 
> Could there be some discrepancies in the file written out by Ethereal 
> running on Windows with libpcap and tcpdump running on Unix?

The only reason for discrepancies in the time stamps would be
differences in the time stamps supplied by WinPcap on Windows and by
libpcap on whatever UNIX system is being used - they just pass directly
through tcpdump or Ethereal when written to a file.

Try running WinDump on the Windows system - you'll probably see the same
time stamp glitches.

References:
- Re: [Ethereal-users] Ethereal time format anomaly with libpcap file format
  - From: Chris_Friedline

Prev by Date: Re: [Ethereal-users] Ethereal time format anomaly with libpcap file format
Next by Date: [Ethereal-users] when did using ethereal on the windows 9x dial-up ppp adapter stop working?
Previous by thread: Re: [Ethereal-users] Ethereal time format anomaly with libpcap file format
Next by thread: RE: [Ethereal-users] Ethereal time format anomaly with libpcap fileformat
Index(es):
- Date
- Thread