Ethereal-users: [Ethereal-users] Ethereal time format anomaly with libpcap file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Mon, 29 Dec 2003 14:22:11 -0500
Hello,

I've recently experienced a problem that I found interesting.  I'm using 
Ethereal 0.10.0 to capture packets and EtherPeek NX 2.0.0 to analyze them 
(quick, easy, management/vendor friendly reports) to diagnose some 
problems we've been having with one of our application servers.  The 
packets were captured in libpcap (tcpdump) format using tethereal on the 
server, copied to a management workstation, and then imported into 
EtherPeek. 

Using libpcap format, the absolute time in the Ethereal capture was 
correct, but when viewed using EtherPeek, it showed up as exactly 1 hour 
in the future (standard vs. daylight savings?).  However, when I saved the 
capture file, using Ethereal, as Network Associates Sniffer (DOS-based) 
and imported it into EtherPeek, the times were displayed correctly.

Captures done using EtherPeek display the correct times in both EtherPeek 
and Ethereal.

Thoughts?  Do I just need to convert everything to Sniffer before using 
EtherPeek or did I stumble upon something in Ethereal?

Thanks,
Chris
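
One way to check what a libpcap file itself stores, independent of how either analyzer renders it (an added example, not part of the original post). libpcap record headers hold seconds since the Unix epoch plus a fractional part, and the global header carries a `thiszone` field, so printing the values in UTC shows whether a one-hour difference is in the file or in a reader's local-time conversion. The function names and the one-packet sample capture are constructed for illustration.

```python
import io
import struct
from datetime import datetime, timedelta, timezone

# Magic as read little-endian -> (byte order, fractional units per second).
MAGICS = {
    0xA1B2C3D4: ("<", 10**6),  # little-endian file, microseconds
    0xD4C3B2A1: (">", 10**6),  # big-endian file, microseconds
    0xA1B23C4D: ("<", 10**9),  # little-endian file, nanosecond variant
    0x4D3CB2A1: (">", 10**9),  # big-endian file, nanosecond variant
}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def read_pcap_times(stream, limit=5):
    """Return (thiszone, [UTC datetimes]) for the first `limit` records."""
    header = stream.read(24)
    if len(header) != 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a libpcap file: magic 0x%08x" % magic)
    endian, per_sec = MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _, _, thiszone, _, _, _ = struct.unpack(endian + "HHiIII", header[4:])
    times = []
    while len(times) < limit:
        rec = stream.read(16)
        if len(rec) < 16:
            break  # end of file or truncated record header
        ts_sec, ts_frac, incl_len, _orig = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            break  # truncated packet data
        micro = ts_frac * 10**6 // per_sec
        times.append(EPOCH + timedelta(seconds=ts_sec, microseconds=micro))
    return thiszone, times

def sample_capture(endian="<"):
    """Constructed one-packet capture for the demo (not the poster's file)."""
    ts = int(datetime(2003, 12, 29, 19, 22, 11, tzinfo=timezone.utc).timestamp())
    glob = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00" * 14
    rec = struct.pack(endian + "IIII", ts, 250000, len(payload), len(payload))
    return io.BytesIO(glob + rec + payload)

if __name__ == "__main__":
    zone, stamps = read_pcap_times(sample_capture())
    print("thiszone:", zone)
    for t in stamps:
        print(t.isoformat())
```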