Ethereal-users: [Ethereal-users] timestamp problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 28 Jan 2004 11:45:36 +0000

Tom,

I tried your text and -t switch with text2pcap from the 0.10.0 distribution (Win32). It worked fine (at least the timestamps and hex bytes shown by Ethereal look the same as in your email). So either:

1. You used a different version of text2pcap and it has bugs.
or
2. Your text file contained something unusual but invisible (whitespace - tabs, end of line chars, etc) that got filtered out by the time I copied and pasted from your email to my text file.

I've found text2pcap somewhat finicky about text file format, especially timestamps, so I think 2 is more likely.

When text2pcap can't interpret the timestamp it says Jan 1 1970 00:00 GMT. Your email shows timezone -0600, so I guess (t)ethereal would interpret this as Dec 31 1969 18:00.

Here's my command line and output:

E:\Program Files\Ethereal\Files>..\text2pcap -t %M:%S. PCtime.txt PCtime.eth
Input from: PCtime.txt
Output to: PCtime.eth
Wrote packet of 56 bytes at 0
Wrote packet of 56 bytes at 56
Wrote packet of 56 bytes at 112
Wrote packet of 56 bytes at 168
Wrote packet of 56 bytes at 224
Read 5 potential packets, wrote 5 packets

Note the correct sizes (56 bytes).

The output file has your bytes correct (OK, I didn't check every byte, just a few samples, in particular the first 14 bytes), but they don't make much sense:

IEEE 802.3 Ethernet, destination c2:00:00:30:f2:cf, source 01:e0:2f:00:00:01 (multicast!), length 1, data 5c, the rest trailer.

Maybe you need to use one of text2pcap's "add a header" options.

Regards,
Julian.
----- Message from Tom.Benton@xxxxxxxxxx on Thu, 22 Jan 2004 17:27:47 -0600 -----
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] timestamp problem


Looking for help with this problem:


I have a pcap-formatted file with timestamps added as %M:%S. format, as follows:



02:22.2429
00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22
00000010 21 d2 00 1e 00 00 03 01 03 00 04 01 02 00 00 7d
00000020 ee ca 00 7d ed ad 02 07 02 08 ff fc 40 00 00 01
00000030 c0 80 15 af 08 46 00 af

02:24.0001
00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22
00000010 21 d2 00 1e 00 00 03 01 03 00 03 01 02 00 00 7d
00000020 ee ea 00 7d ed cc 02 07 02 08 ff fc 40 00 00 01
00000030 c0 80 43 a9 d6 8a 00 a9

02:26.2432
00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22
00000010 21 d2 00 1e 00 00 03 01 03 00 02 01 02 00 00 7d
00000020 ef 0c 00 7d ed ec 02 07 02 08 ff fc 40 00 00 01
00000030 c0 80 9e 1a 82 39 00 1a

02:28.4529
00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22
00000010 21 d2 00 1e 00 00 03 01 03 00 06 01 02 00 00 7d
00000020 ef 0f 00 7d ed ee 02 07 02 08 ff fc 40 00 00 01
00000030 c0 80 0e 6a 42 63 00 6a

02:32.2902
00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22
00000010 21 d2 00 1e 00 00 03 01 03 00 01 01 02 00 00 7d
00000020 ef 2b 00 7d ee 0c 02 07 02 08 ff fc 40 00 00 01
00000030 c0 80 95 27 55 bd 00 27


I run the file through text2pcap as follows:

text2pcap -t %M:%S. pcaptime.txt pcaptime.out


with the output being:

Input from: pcaptime.txt
Output to: pcaptime.out
Wrote packet of 15 bytes at 0
Wrote packet of 15 bytes at 15
Wrote packet of 15 bytes at 30
Wrote packet of 15 bytes at 45
Wrote packet of 15 bytes at 60
Read 5 potential packets, wrote 5 packets


However, tethereal has problems with this: the timestamp for the 1st pkt is OK, all others are 18:00.

C:/Ethereal> tethereal -ta -r pcaptime.out
 1 00:02:22.242900              ->              DOCSIS MGMT [Short Frame]
 2 18:00:00.000000              ->              DOCSIS MGMT [Short Frame]
 3 18:00:00.000000              ->              DOCSIS MGMT [Short Frame]
 4 18:00:00.000000              ->              DOCSIS MGMT [Short Frame]
 5 18:00:00.000000              ->              DOCSIS MGMT [Short Frame]



Any help as to what I'm doing wrong? Please reply directly to me at tom.benton@xxxxxxxxxx

630 281-3028


Thanks,


Tom
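
The two checks the reply makes by hand, as an added example that is not part of either message and is not text2pcap's own parser: a strict reading of the %M:%S. timestamp lines that reports characters a mail client would hide, and a decode of the first 14 bytes as an Ethernet header. The function names, the regular expressions and the damaged second timestamp line in the sample are constructed for illustration.

```python
import re

# Constructed input: packet 1 retyped from the question with plain spaces;
# the second timestamp line carries a tab, a no-break space and a CR.
SAMPLE = (
    "02:22.2429\n"
    "00000000 c2 00 00 30 f2 cf 01 e0 2f 00 00 01 00 01 5c 22\n"
    "00000010 21 d2 00 1e 00 00 03 01 03 00 04 01 02 00 00 7d\n"
    "00000020 ee ca 00 7d ed ad 02 07 02 08 ff fc 40 00 00 01\n"
    "00000030 c0 80 15 af 08 46 00 af\n"
    "\t02:24.0001\u00a0\r\n"
    "00000000 c2 00 00 30 f2 cf\n"
)
TS = re.compile(r"^(\d{1,2}):(\d{2})\.(\d+)$")  # strict %M:%S. plus fraction
HEX = re.compile(r"^([0-9a-fA-F]{3,}) ((?:[0-9a-fA-F]{2} ?)+)$")

def parse_dump(text):
    """Return (packets, warnings); a packet is [(sec, usec) or None, bytearray]."""
    packets, warnings = [], []
    for n, raw in enumerate(text.split("\n"), 1):
        if not raw:
            continue
        odd = sorted({repr(c) for c in raw if not (c.isalnum() or c in " :.")})
        if odd:
            warnings.append((n, odd))  # characters a mail client would hide
        m = TS.match(raw)
        if m:
            usec = int(m.group(3).ljust(6, "0")[:6])
            packets.append([(int(m.group(1)) * 60 + int(m.group(2)), usec), bytearray()])
            continue
        m = HEX.match(raw)
        if m:
            # Offset 0 after data starts a new packet with no accepted timestamp.
            if not packets or (int(m.group(1), 16) == 0 and packets[-1][1]):
                packets.append([None, bytearray()])
            packets[-1][1] += bytes.fromhex(m.group(2))
    return packets, warnings

def ether_summary(frame):
    """Read the first 14 bytes as an Ethernet header."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    val = int.from_bytes(frame[12:14], "big")
    kind = "802.3 length" if val <= 1500 else "EtherType" if val >= 0x600 else "undefined"
    return {"dst": mac(frame[:6]), "src": mac(frame[6:12]),
            "src_group_bit": bool(frame[6] & 1), "kind": kind, "value": val}

if __name__ == "__main__":
    pkts, warns = parse_dump(SAMPLE)
    print([(s, len(d)) for s, d in pkts], ether_summary(pkts[0][1]), warns)
```

A packet whose timestamp comes back as None is one whose timestamp line did not match the strict pattern; the warnings list gives the line number and the characters responsible.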