Wireshark-bugs: [Wireshark-bugs] [Bug 3457] Support for new capture file format
Date: Tue, 2 Jun 2009 14:30:18 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3457





--- Comment #12 from Ravi Kondamuru <ravikondamuru@xxxxxxxxx>  2009-06-02 14:30:17 PDT ---
Your guess in comment #11 is correct. The 2 bytes @offset 2 is a length field
and the 4 bytes @offset 5 is the timestamp field.(In reply to comment #11). The
format of the header is in netscaler.c for example: nspr_pktracefull_v22_t

> (In reply to comment #9)
> > The signature should be present in the first page of the trace file. The 1.0
> > version sometimes has it outside a page. And since 1.0 is not very prevalent
> > today, we are fine with limiting to first page.
> 
> It's possible to check the first few pages, if this will maintain correct
> support for 1.0 files.
> 
> Do you have an update on the undissected fields?  Seems like its the length
> field and a timestamp, right?
> 


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.