FYI, today I tried opening a pcap-ng file with Wireshark rev 24118, and it
sort of worked.
What works:
- the first file I opened was a 50+MB file generated with NTAR. Real
Ethernet packets coming from a custom board. Wireshark opened the trace
without any problem, and the decoded packets made perfect sense. YAY!
What doesn't work:
- timestamps are wrong. There are two problems here:
1. the IDB option for the timestamp precision is not decoded, and I was
generating timestamps with nanosecond precision.
2. timestamps are not in the libpcap fashion (seconds and microseconds, or
seconds and nanoseconds). It's a single 64-bit quantity that is split into
high and low 32 bits.
Have a nice day
GV
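The two timestamp problems reported in the message above, as an added example that is not part of the original message and is not Wireshark code. It assumes the pcapng specification's layout: the IDB timestamp-resolution option is if_tsresol (option code 9, one byte) and the default is microseconds when it is absent. All sample bytes and values are constructed.

```python
import struct

IF_TSRESOL = 9     # IDB option code for timestamp resolution (pcapng spec)
OPT_ENDOFOPT = 0   # terminates an options list

def parse_tsresol(options: bytes, endian: str = "<") -> int:
    """Walk an IDB options area; return ticks per second (default 10**6)."""
    off = 0
    while off + 4 <= len(options):
        code, length = struct.unpack_from(endian + "HH", options, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        value = options[off:off + length]
        if len(value) < length:
            raise ValueError("truncated option value")
        if code == IF_TSRESOL:
            if length != 1:
                raise ValueError("if_tsresol must be exactly 1 byte")
            exp = value[0] & 0x7F
            # MSB clear: 10**-exp seconds per tick; MSB set: 2**-exp
            return 2 ** exp if value[0] & 0x80 else 10 ** exp
        off += (length + 3) & ~3   # option values are padded to 32 bits
    return 10 ** 6

def split_timestamp(ts_high: int, ts_low: int, ticks_per_sec: int):
    """Join the two 32-bit halves and return libpcap-style (sec, nsec)."""
    ticks = (ts_high << 32) | ts_low
    sec, frac = divmod(ticks, ticks_per_sec)
    return sec, frac * 10 ** 9 // ticks_per_sec

# Constructed sample: options with if_tsresol = 9 (nanoseconds), then end-of-options
SAMPLE_IDB_OPTIONS = struct.pack("<HHB3x", IF_TSRESOL, 1, 9) + struct.pack("<HH", 0, 0)
# Constructed sample: 1204000000 s + 123456789 ns, counted in nanosecond ticks
_TICKS = 1204000000 * 10 ** 9 + 123456789
SAMPLE_HIGH, SAMPLE_LOW = _TICKS >> 32, _TICKS & 0xFFFFFFFF

if __name__ == "__main__":
    res = parse_tsresol(SAMPLE_IDB_OPTIONS)
    print("with if_tsresol:", split_timestamp(SAMPLE_HIGH, SAMPLE_LOW, res))
    print("assuming microseconds:", split_timestamp(SAMPLE_HIGH, SAMPLE_LOW, 10 ** 6))
```

Ignoring the option and assuming the microsecond default turns the same 64-bit value into a seconds count about a thousand times too large, which is the kind of wrong timestamp a nanosecond-precision capture produces in a reader that does not decode the option.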