Ethereal-users: Re: [ethereal-users] Problem with Absolute Date Function, plus ad vice on a Thre

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 18 Jul 2000 02:19:36 -0700
On Tue, Jul 18, 2000 at 01:46:01AM +0100, Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx wrote:
> I took a three traces simultaneously of my PC pinging another box. One using
> NetMon. One using Optimal Application Expert, and one remotely using a 3Com
> Superstack RMON2 Probe.

...neither of which are Network {General,Associates} Sniffers.

I wonder whether real Sniffer captures have per-packet time stamps that
are relative to the beginning of the day on which the capture was
started (so that the time field in the file header, that being the time
at which the capture was started, is ignored), but Sniffer-format
captures from Optimal's Application Expert, and from whatever program
probed the 3Com device, have time stamps relative to the date *and* time
in the file header - i.e., they may have incorrectly implemented
Sniffer-style captures, under the assumption that the date and time
fields in the header, rather than just the date field, specify the time
to which time stamps in the packet headers are relative.

It would be interesting to hand "OAE.trc" and "3com.trc" to a Sniffer
and see what time stamps it reports for those files.