Ethereal-dev: Re: [ethereal-dev] Ethereal on Solaris -- lexical scanner problem s.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 6 Aug 1999 15:27:15 -0700 (PDT)
> $1 = {ts_sec = 12513210, ts_usec = 3489792186, incl_len = 3689869315,
>   orig_len = 134235392}

	#
	# "showtime_t" is a little program I whipped up a while ago
	# that takes a "time_t" value as an argument and prints it
	# out as a date and time.
	tooting$ showtime_t 12513210
	Mon May 25 12:53:30 1970

Hmm.  That's not a good sign; it looks as if we're at a bogus offset in
the file.

	tooting$ bc
	obase=16
	12513210
	BEEFBA
	3489792186
	D00200BA
	3689869315
	DBEEF003
	134235392
	8004500

"BEEF" looks a little suspicious - in fact, it looks as if "BADBEEF"
appears; this could be packet data of some sort, further suggesting that
we're at the wrong offset in the file.

Do you happen to have a pre-0.7.0 Ethereal handy, configured *without*
"wiretap"?  If so, it might be interesting to see whether it can read
the same capture file; if so, that suggests some problem with
"wiretap"'s handling of "libpcap" files.