Wireshark-bugs: [Wireshark-bugs] [Bug 299] Time stamps in some Windows Sniffer files are off by

Date: Fri, 25 May 2007 13:18:21 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=299





------- Comment #27 from wmeier@xxxxxxxxxxx  2007-05-25 13:18 GMT -------
Yes: I've been working on this off and on; It's a bit tricky; A heuristic is
needed which will differentiate the attached type of file from from other
similar looking files when determining the 'ticks per second' [TPS] factor to
be used when displaying the time. 

The problem is that the algorithm currently used by Wireshark to determine the
TPS factor (based upon certain bytes in the capture file header) is *not*
sufficient to differentiate these captures from other captures which have a
different TPS.

Having said the above, I think I've identified a heuristic which appears to
allow determination of the correct TPS for these files while continuing to give
the correct TPS for other files.

Basically: I've had to review a fairly large number of different types of
sniffer capture files (including those from other bug reports similar to this
one) to see what works.

There's a bit more work to be done, but I think the revised algorithm should be
OK.

Bill


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.