>
> I have a trace taken on a machine running the Network General sniffer
> Netasyst. If I then open the trace in Netasyst on my laptop the timestamps
> match that of some Cisco Call Manager QRT logs. If I then open the same trace
> in Wireshark, the timestamps are wildly inaccurate.
>
> I know there was some problems with Sniffer timestamps before, but I thought
> this was a difference of around 6 seconds or so and was fixed.
>
> In this case the first packet in the trace opened in Netasyst shows it as
> 31/07/2006 at 14:10:38, whilst the same packet in Wireshark is 31/07/2006 at
> 22:16:45:500826.
If you can supply a short capture file (5-10 frames) along with the correct
times as shown in Netasyst for at least the first several packets, I can do
the analysis to determine if a different 'timeunit' is required for this type
of capture.
(It would be most helpful if you can include in the times those with the most
precision: usually the 'delta' timestams which is the time between packets),
Feel free to send the capture to my personal EMail if you prefer.
(My apologies if this shows up twice: I may have misaddressed the first
reply).
Bill Meier