Wireshark-dev: Re: [Wireshark-dev] Absolute arrival time of packet in wireshark
From: Lloyd <lloydkl.tech@xxxxxxxxx>
Date: Thu, 26 Jun 2014 20:39:06 +0530
If you check the pcap file format, you will see there is a field for storing the time stamp. That time stamp is interpreted and shown in a readable format, including the time zone information. The time zone information is collected from your system.


On Thu, Jun 26, 2014 at 8:30 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi,

my understanding is that Anders was referring to the field you are looking at (each packet being timestamped by WinPcap).

Pascal.


2014-06-26 16:31 GMT+02:00 Vishnu Bhatt <vishnu.bhatt@xxxxxxxxxxx>:

Thanks for the reply. But I am talking of the following time:

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Thursday, June 26, 2014 7:33 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Absolute arrival time of packet in wireshark

 

And http://wiki.wireshark.org/Timestamps

 

From: Anders Broman
Sent: 26 June 2014 16:02
To: 'Developer support list for Wireshark'
Subject: RE: Absolute arrival time of packet in wireshark

 

Hi,

If you are talking about the packet timestamps, they are delivered by WinPcap together with the packet data in the case of real-time capturing.

Google “winpcap time stamps” for further reading.

Regards

Anders

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Vishnu Bhatt
Sent: 26 June 2014 15:47
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Absolute arrival time of packet in wireshark

 

Hello,

 

I need to know how Wireshark gets the absolute arrival time of a packet on a Windows system. I saw in the code and found that GetSystemTimeAsFileTime() is used to get the system time in Windows, but the code at that point doesn’t hit. From where is the time being taken by Wireshark while capturing?

 

Any help would be appreciated.

 

Thanks

"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
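
The timestamp field in the pcap file format mentioned at the top of this thread, as an added example that is not part of any message in it: a reader for the per-packet record header of a classic pcap file (not pcapng), showing that the file stores only seconds and a fraction since the Unix epoch and that the time zone is applied at display time. The function names and the sample capture bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# File magic as read big-endian -> (byte order of the file, fraction units per second)
MAGICS = {
    0xA1B2C3D4: (">", 10**6), 0xD4C3B2A1: ("<", 10**6),  # microsecond pcap
    0xA1B23C4D: (">", 10**9), 0x4D3CB2A1: ("<", 10**9),  # nanosecond pcap
}

def read_timestamps(data):
    """Return [(ts_sec, ts_frac, frac_per_sec), ...] for each packet record."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, per_sec = MAGICS[magic]
    out, off = [], 24                      # records start after the 24-byte global header
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec/ts_nsec, captured length, original length
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            raise ValueError("truncated packet record")
        out.append((ts_sec, ts_frac, per_sec))
        off += 16 + incl_len
    return out

def render(ts_sec, ts_frac, per_sec, tz):
    """Format a stored timestamp for display in the viewer's time zone."""
    dt = datetime.fromtimestamp(ts_sec, tz)
    width = 6 if per_sec == 10**6 else 9
    return f"{dt:%Y-%m-%d %H:%M:%S}.{ts_frac:0{width}d} {dt:%z}"

# Constructed sample: little-endian global header plus one 4-byte packet
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + struct.pack("<IIII", 1403795346, 123456, 4, 4) + b"\x00" * 4
)
IST = timezone(timedelta(hours=5, minutes=30))  # example viewer time zone

if __name__ == "__main__":
    for rec in read_timestamps(SAMPLE_PCAP):
        print("stored :", rec[0], rec[1])
        print("UTC    :", render(*rec, timezone.utc))
        print("+05:30 :", render(*rec, IST))
```

The same stored value renders as two different wall-clock strings, which is why captures opened on machines in different time zones show different absolute times for the same packet.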

