Wireshark · Ethereal-users: Re: [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong Date/Time <<

Ethereal-users: Re: [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Thu, 18 Nov 2004 19:03:58 -0800 (PST)

Larry Adams said:
> I think Ethereal needs an updated Network Associates file format decoder
> to cover the changes in their format.

We'd update the decoder if we knew what the changes were.

Unfortunately, we don't; the code to read the Windows Sniffer files was
not written based on a published specification of the file format, it was
written based on reverse-engineering the file format by looking at files
in that format and at how they're interpreted by Sniffer.  Merely knowing
that something changed isn't sufficient to allow us to change our code to
deal with that change; we have to know what the change is.

The time stamps in Windows Sniffer captures are not always interpreted
correctly by Ethereal; unfortunately, we have not yet been able to
reverse-engineer the file sufficiently to figure out what data in the file
specifies how to compute the time stamps correctly.

References:
- [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong Date/Time <<
  - From: Larry Adams

Prev by Date: Re: [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong Date/Time <<
Next by Date: RE: [Ethereal-users] RES: Windows XP question
Previous by thread: Re: [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong Date/Time <<
Next by thread: Re: [Ethereal-users] >> Lastest Network General Sniffer format Displaying Wrong Date/Time <<
Index(es):
- Date
- Thread