Ethereal-users: [Ethereal-users] Incorrect time display for decode of windows sniffer capture fi
(Resend of previous message with text example instead of .jpg attachment)
I'm using windows ethereal 0.9.11 (glib 1.3.2. libz 1.1.4) on my home
windows XP PC to display capture files saved from a windows sniffer at
work.
When I set the display options to show date+time, the millisecs portion of
the time shows as a negative number.
eg: 21.-403265; the date shown is also not correct (i.e.: not the same as
shown if I display the file with the NG sniffer program at work).
Using tethereal I see the same result as ethereal as follows:
1 2002-10-24 09:16:20.-507646 ...
2 2002-10-24 09:16:20.-507302 ...
3 2002-10-24 09:16:20.-444788 ...
4 2002-10-24 09:16:20.-435009 ...
5 2002-10-24 09:16:20.-256111 ...
6 2002-10-24 09:16:21.-841451 ...
7 2002-10-24 09:16:21.-403271 ...
8 2002-10-24 09:16:21.-403265 ...
9 2002-10-24 09:16:21.-395748 ...
10 2002-10-24 09:16:21.-395741 ...
(I also tried ethereal 0.9.12 with the same result).
Additional note:
After using Ethereal to filter packets for a particular TCP connection, and
then saving the filtered packets (in windows sniffer format) and then
loading the saved file, the times displayed (presumably) correctly.
e.g.: 21.-403265 became 20.596734
If I just take the original capture file without filtering, save it
(save_as) and then load
the saved file, the times still display incorrectly.
Is the incorrect time display when using a windows sniffer capture file a
known problem ? Something wrong about my install ? or what ?
Thanks in advance for any ideas, help.
Bill Meier