Ethereal-users: RE: [Ethereal-users] Ethereal Decode of Network Associates Flawed

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "David DuPre" <david@xxxxxxxxxxxxxxxx>
Date: Wed, 17 Nov 2004 12:25:48 -0500

One version of the NAI Sniffer has a bug.  Save the file to an “ENC” format from the NAI Sniffer, then open it with Ethereal, see if this fixes the problem.  I am told there is an updated version of the software to fix this problem in the NAI Sniffer.

 

 

David DuPre' 
Executive Performance Engineering Consultant
HyPerformix Inc.
Office: 706-820-2252 

Email: dupre@xxxxxxxxxxxxxxx
Website: www.hyperformix.com

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of larryjadams@xxxxxxxxxxx
Sent: Wednesday, November 17, 2004 12:10 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Ethereal Decode of Network Associats Flawed

 

I am comparing a Network Associates/General sniffer capture side by side with the Ethereal version and the time Relative is off by a factor of approximately 2.83x.  In other words, when I have a delta time of .210 in Network General, I show a corresponding delta time of .074 in Ethereal.  Also, the General date is off by over 4 days.  I conducted a sniffer capture on 11/16 and Ethereal shows it as 11/12.  In addition, the sample that I described had an overall duration of approximately 4 minutes and Ethereal showed less than 2.

 

Could somebody explain what is wrong with the decoder and how it can be fixed.

 

Thanks,

 

Larry Adams

TheWitness (Cacti Developer)

Attachment: smime.p7s
Description: S/MIME cryptographic signature