Ethereal-dev: [Ethereal-dev] Re: some netxray traces off by time factor

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bill Meier" <wmeier@xxxxxxxxxxx>
Date: Tue, 09 Aug 2005 22:58:15 -0500
> So, at least for those captures, it appears that the 
> correct answer would be given if there were *more than one* TpS table:

I've updated the capture list with more entries mostly based upon 
various captures submitted to ethereal-dev (see below).

As far as I can tell, in all the [network = Ethernet] cases 
(including those reported as "incorrect timestamp")
the following rules do seem to hold (Guy: nice summary).

	network = Ethernet, captype = CAPTYPE_NDIS [=0]:
		{ 1e6, 1193000.0, 1193182.0 };
	network = Ethernet, captype = ETH_CAPTYPE_GIGPOD [=2]:
		{ 1e9, ???, 31250000.0 };
	network = Ethernet, captype = ETH_CAPTYPE_OTHERPOD [=3]:
		{ 1e6, ???, 1250000.0 };


In addition:
   if ((network = Ethernet) and (captype = (GIGPOD or OTHERPOD)) and (timeunit = 2)) 
         ignore "hdr.timehi", "hdr.timelo" values (i.e. use start_time = 0.0)


Bill Meier





[08/09/05]

"req'd tick" is that needed for Ethereal to display times correctly.
"req'd tick" verified for all cases except those shown with ??????.


file_name          ver  netw  netw+1 captyp timeunit req'd_tick realtick  hdr.timhi  hdr.timlo pkt1.timehi pkt1.timelo
--------------     ---- ----  ------ ------ -------  ---------- --------  --------- ---------- ----------- ------------
etherealtime       v2.1    0     0      0       0     1000000          0          0          0           0 4294777865
arp1               v2.1    0     0      0       0     1000000    1193000          0          0           0   10513190

6_minute_login     v2.2    0     0      0       0     1000000    1193000          0          0           0   50840721
3Way_Handshake     v2.2    0     0      0       0     1000000    1193182          0          0           3 2833488013
f1                 v2.2    0     0      0       0     1000000    1193182          0          0           0    1388474
pingtest.host2     v2.2    0     0      0       0     1000000    3579545          0          0           0   99862327
30SecondKeepAlives v2.2    0     0      0       0     1000000    3579545          0          0           0   18863347
Server_LAN         v2.2    1     2      0       0     1000000    3579545          0          0           0     459689


bin00046           v2.2    0     0      0       1     1193000    1193000          0 2846268153           0 2847243889


xerox_reconnect    v2.2    0     0      0       2     1193182    1193182        459 2493607716         459 2496416947 
f2                 v2.2    0     0      0       2     1193182    1193182        838 3086185485        1028 1500901704



f3                 v2.2    0     0      2       0  1000000000    1193182          0          0      121300   57728512
f4                 v2.2    0     0      2       2    31250000    1193182       2662 1650257505           0      14689



f5                 v2.2    0     0      3       0     1000000    1193182          0          0           0  138804363
f6                 v2.2    0     0      3       2     1250000    1193182        167 3360335544          24  612438917

pri3               v2.2    3     0      6       0     ??????? 1395300000          0          0           0   14118901

frame01-99         v2.2    9     0      0       0     1000000    3579545          0          0           0     160380
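
The Ethernet rules stated in the message above, written out as a tick-rate lookup plus a timestamp conversion. This is an added example, not code from the original post or from Ethereal. The function names, `TPS_UNKNOWN` for the "???" entries, reading timehi/timelo as the two halves of one 64-bit tick count, and reporting packet time relative to start_time are assumptions.

```c
#include <stdint.h>

#define CAPTYPE_NDIS         0
#define ETH_CAPTYPE_GIGPOD   2
#define ETH_CAPTYPE_OTHERPOD 3
#define TPS_UNKNOWN          0.0  /* stands in for the "???" entries */

/* Ticks per second for an Ethernet capture; TPS_UNKNOWN if not covered. */
double eth_ticks_per_second(int captype, int timeunit)
{
    static const double ndis[3]     = { 1e6, 1193000.0, 1193182.0 };
    static const double gigpod[3]   = { 1e9, TPS_UNKNOWN, 31250000.0 };
    static const double otherpod[3] = { 1e6, TPS_UNKNOWN, 1250000.0 };

    if (timeunit < 0 || timeunit > 2)
        return TPS_UNKNOWN;
    switch (captype) {
    case CAPTYPE_NDIS:         return ndis[timeunit];
    case ETH_CAPTYPE_GIGPOD:   return gigpod[timeunit];
    case ETH_CAPTYPE_OTHERPOD: return otherpod[timeunit];
    default:                   return TPS_UNKNOWN;
    }
}

/* Assumption: timehi/timelo are the high/low 32 bits of one tick counter. */
static double ticks(uint32_t hi, uint32_t lo)
{
    return (double)hi * 4294967296.0 + (double)lo;
}

/* Packet time in seconds relative to start_time (assumed semantics);
 * returns 0 on success, -1 when the tick rate is unknown. */
int eth_packet_seconds(int captype, int timeunit, uint32_t hdr_hi, uint32_t hdr_lo,
                       uint32_t pkt_hi, uint32_t pkt_lo, double *out)
{
    double tps = eth_ticks_per_second(captype, timeunit);
    int pod = captype == ETH_CAPTYPE_GIGPOD || captype == ETH_CAPTYPE_OTHERPOD;

    if (tps == TPS_UNKNOWN)
        return -1;
    /* Pod capture with timeunit 2: ignore hdr.timehi/timelo (start_time = 0.0). */
    double start = (pod && timeunit == 2) ? 0.0 : ticks(hdr_hi, hdr_lo) / tps;
    *out = ticks(pkt_hi, pkt_lo) / tps - start;
    return 0;
}
```

Fed the xerox_reconnect and f4 rows from the capture list, the first packet lands about 2.354 s and 0.00047 s after start respectively; a (captype, timeunit) pair with no known rate is rejected rather than converted with a guessed value.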