On Thu, Jan 17, 2008 at 04:31:46PM -0800, Gianluca Varenni wrote:
> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
> it sort of worked.
> What doesn't work:
> - timestamps are wrong. There are two problems here:
> 1. the IDB option for the timestamp precision is not decoded, and I
> was generating timestamps with nanosecond precision.
> 2. timestamps are not in the libpcap fashion (seconds and
> microseconds, or seconds and nanoseconds). It's a single 64bit
> quantity that is split into high and low 32bits.
This has been fixed in SVN revision 24349. I can now read icmp2.ntar
from the Wiki and get the sample timestamps that appear in the graphic.
Wireshark also writes the correct timestamps. Would you mind verifying
with your other tool that can read pcapng files that the Wireshark
timestamps are done correctly?
Thanks,
Steve