Wireshark-bugs: [Wireshark-bugs] [Bug 10190] New: The .cap files generated from Message Analyzer
Date: Tue, 17 Jun 2014 21:38:35 +0000
Bug ID 10190
Summary The .cap files generated from Message Analyzer use the incorrect time stamp
Classification Unclassified
Product Wireshark
Version unspecified
Hardware All
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Capture file support (libwiretap)
Assignee bugzilla-admin@wireshark.org
Reporter KenHo@Microsoft.Com

Created attachment 12805 [details]
Example .cap file generated from Message Analyzer

Build Information:
All versions
--
From: gikim@microsoft.com
If you install Microsoft Network Monitor, you can find the .cap file format in the
Microsoft Network Monitor | Network Monitor Overview | Capture File Format
section under the Help | Contents and SDK menu.

The TimeStamp field of the Frame Layout was introduced with Network Monitor 2.3
to resolve time zone, accuracy and file merging issues, and should be used
if ExtendedInfoOffset in the capture file header is not 0.

Technically, it is not a fault of Wireshark to use TimeOffsetLocal instead of
TimeStamp, as we don’t mark that field as deprecated. But it would be better to
use the TimeStamp field, as TimeOffsetLocal is not UTC time and is not as accurate as
TimeStamp.

If you have any more questions, please let me know via email.

Kim

