Ethereal-users: Re: [ethereal-users] Problem with Absolute Date Function, plus ad vice on a Thre

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 17 Jul 2000 18:13:03 -0700 (PDT)
> I took a three traces simultaneously of my PC pinging another box. One using
> NetMon. One using Optimal Application Expert, and one remotely using a 3Com
> Superstack RMON2 Probe. This was done at around 1:01am BST as NetMon's Cap
> file reports.

...but when I have NetMon here read "3com.trc", it thinks the capture
started at 00:54:29.000, even though it thinks "netmon.cap" started at
01:01:39.876 - and it thinks the "oae.trc" capture started at
00:54:17.000.

I assume the clocks on the three machines were out of sync with one
another.

NetMon here and NetMon in your PNG agree on the time stamp for
"netmon.trc"; however, they differ by some non-integral number of hours
for "oae.trc" (00:54:17.000 here, 00:02:48.037 there) and "3com.trc"
(00:54:29.000 here, 00:02:16.371 there) - that's differences between the
time stamps for the *same file*, so there's more than just summer time
involved (that would make them differ by one hour).

There is, I suspect, something wrong with the time-stamp reading code
for Sniffer-format files in both the version of Network Monitor I have
here *and* in the Wiretap library used by Ethereal/Tethereal/editcap.  I
shall have to see what the time stamps are in the two ".trc" files, and
see why Wiretap is concluding they are what they are.