On Thu, Feb 27, 2003 at 04:10:03PM -0500, Ian Schorr wrote:
> From what I can tell, setting a value for xxb[20] (from the netxray_hdr
> structure in netxray.c) seems to instruct Sniffer to interpret the
> timestamps differently. Ethereal doesn't currently check the value of
> this field.
>
> Setting it to a value of 0x2, which I see in nearly all traces I have
> that were taken with a gigabit ethernet sniffer, seems to cause Sniffer
> to divide the timestamps by 1000.
I.e., the time stamps have higher resolution (e.g., if hdr.timeunit is
0, they have nanosecond resolution rather than microsecond resolution)?
> I've also noticed that setting this value to something other than 2
> seems to cause Sniffer to not display A and B channel information on
> gigabit-taken traces, so I'm guessing that this field may somehow
> indicate the capture type (i.e. this trace was taken with a "high-speed
> module", or something like that).
At least in the current CVS version (I think it's in 0.9.9 as well), for
WAN captures, hdr.xxb[20] appears to indicate the type of capture:
4 Frame Relay
6 various sorts of HDLC
so I suspect it does, in fact, indicate something about the type of
captue (I don't know whether Frame Relay captures use a different type
of pod from other captures - I don't think they do - so it's probably
hardware plus other information).
