Ethereal-users: Re: [Ethereal-users] Etherreal 0.10.10 problem reading Sniffer logs timestamps
phil.5.thomas@xxxxxx wrote:

I have NAI Sniffer v4.70.04 running on NT4 on a FlexPAC system. When I
import the traces into Ethereal v0.10.10 (running on the same machine),
it gets the timestamps all messed up. A 3 min 25 second capture shows up
as being 5377 seconds long. This is the same sort of factor for my other
traces. I don't want to attach the file as it's quite large, but if
someone can point me in the right direction that would be great.
Alternatively if the dev team are aware of this problem (according to
the wiki this was going to be fixed in 0.10.09?)

The handling of time stamps was *improved* in 0.10.9.

I wouldn't say "fixed", however, as all the improvement came from
reverse engineering, so that just means it's fixed on the files used for
the reverse engineering.

I'll let the people who did the reverse engineering in question (they
figured out that, in newer versions of the Sniffer software, they store
not only an old-style index into a table of time stamp units, but the
raw value of the time stamp unit itself, in the file header) respond, if
they've found any more information. (My *suspicion* is that at least
*some* of the problems *might* be due to the fact that, before the fix
to use the raw time stamp value, we'd tweaked some time stamp values in
the table to fix some problems with files that had the raw time stamp
value in the header, so that the tweaked value isn't correct for files
that *don't* have the raw time stamp value and the tweak isn't necessary
for files that do. I don't have the files - or the Sniffer - with which
to test that hypothesis.)