On Tue, Sep 17, 2002 at 04:12:18PM -0500, Tobin Schuster wrote:
> I have noticed that Ethereal incorrectly displays the packet time when
> displaying packets captured using Network Associates Sniffer Basic
> version 3.50.02.
We have found that sometimes it displays the packet time correctly and
sometimes it doesn't.
We have also found that if we change the code to correctly display the
packet times for captures where it doesn't display them correctly, it
displays them incorrectly for other captures, so that doesn't count as a
"fix".
The capture format used by the Windows-based Sniffer software isn't
documented anywhere I know of, so it had to be reverse-engineered. It
appears that there is something strange going on with its time stamps,
which we have been unable to determine - although there have been
messages in the past to one of the Ethereal lists claiming that a trace
from either Sniffer Basic or Sniffer Pro on one PC gave the wrong time
stamps when read by Sniffer on another PC, so perhaps the problem is
completely insoluble (if Network Associates can't make it work, it's not
clear that we can make it work).
