| Bug ID |
10190
|
| Summary |
The .cap files generated from Message Analyzer use the incorrect time stamp
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
All
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 12805 [details]
Example .cap file generated from message Analyzer
Build Information:
All versions
--
From: [email protected]
If you install Microsoft Network Monitor, you can find .cap file format at
Microsoft Network Monitor | network Monitor Overview | Capture File Format
section in Help | Contents and SDK menu.
The TimeStamp field of the Frame Layout is introduced with Network Monitor 2.3
to resolve time zone issue, accuracy and file merging issue and should be used
if ExtendedInfoOffset in the capture file header is not 0.
Technically, it is not a fault of Wireshark to use TimeOffsetLocal instead of
TimeStamp as we don’t mark that field as deprecated. But it would be better to
use TimeStamp field as TimeOffsetLocal is not UTC time and is not accurate as
TimeStamp.
If you have any more question, please let me know via email.
Kim
You are receiving this mail because:
- You are watching all bug changes.