Ethereal-users: RE: [Ethereal-users] Ethereal time format anomaly with libpcap fileformat
Well, just tried the same scenerio using .10.0 and saved it as test.dmp
and open it using Etherpeek, and the time was off by 1 hour. This is on
a lab environment with no connection to the outside world. Hmmm, did I
do something?
Gene
-----Original Message-----
From: Chris_Friedline@xxxxxxxxxxxxxxx
[mailto:Chris_Friedline@xxxxxxxxxxxxxxx]
Sent: Monday, December 29, 2003 11:22 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Ethereal time format anomaly with libpcap
fileformat
Hello,
I've recently experienced a problem that I found interesting. I'm
Ethereal 0.10.0 to capture packets and EtherPeek NX 2.0.0 to analyze
them (quick, easy, management/vendor friendly reports) to diagnose some
problems we've been having with one of our application servers. The
packets were captured in libpcap (tcpdump) format using tethereal on the
server, copied to a management workstation, and then imported into
EtherPeek.
Using libpcap format, the absolute time in the Ethereal capture was
correct, but when viewed using EtherPeek, it showed up as exactly 1 hour
in the future (standard vs. daylight savings?). However, when I saved
the capture file, using Ethereal, as Network Associates Sniffer
(DOS-based) and imported into EtherPeek the times were displayed
correctly.
Captures done using EtherPeek display the correct times in both
EtherPeek and Ethereal.
Thoughts? Do I just need to convert everything to Sniffer before using
EtherPeek or did I stumble upon something in Ethereal?
Thanks,
Chris
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users