tcpdump mailing list archives

Re: Two DLT Requests For Bluetooth RF Captures


From: Guy Harris <guy () alum mit edu>
Date: Sun, 16 Feb 2014 15:42:52 -0800


On Feb 14, 2014, at 7:41 PM, Chris Kilgour <techie () whiterocker com> wrote:

The motivation was classic pcap.  I was up on pcap-ng, but did not realize the pcap format has an updated variant 
with higher-precision timestamps.

Yup.  Use 0xa1b23c4d, rather than 0xa1b2c3d4, as the magic number, as per

        http://www.tcpdump.org/manpages/pcap-savefile.5.html

Newer versions of libpcap have APIs to allow an application doing a live capture to request nanosecond time stamp 
resolution for time stamps (which may return PCAP_ERROR_TSTAMP_PRECISION_NOTSUP if the device doesn't support 
nanosecond resolution) and to indicate, when opening a saved capture file, that it wants seconds-and-nanoseconds time 
stamps rather than seconds-and-microseconds time stamps (if the file contains microsecond-resolution time stamps, the 
microseconds value is multiplied by 1000; there really should be an API to say "how precise are the time stamps in this 
file").


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
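
The two magic numbers and the multiply-by-1000 behaviour described in the message above, as an added example that is not part of the original post and does not use libpcap. The names `pcap_detect`, `first_ts_ns` and `rd32` are hypothetical, the sample bytes are constructed, and the 24-byte file header and 16-byte record header layout is taken from the pcap-savefile man page linked above.

```c
#include <stdint.h>
#include <stdio.h>

#define MAGIC_USEC 0xa1b2c3d4u /* classic pcap: seconds + microseconds */
#define MAGIC_NSEC 0xa1b23c4du /* variant: seconds + nanoseconds */
#define FILE_HDR_LEN 24        /* magic, version, thiszone, sigfigs, snaplen, linktype */

struct pcap_fmt { int big_endian; int nsec; };
/* Read a 32-bit field in the byte order the writer used. */
static uint32_t rd32(const uint8_t *p, int big_endian) {
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Classify a savefile from its magic number; returns 0 on success, -1 if unknown. */
int pcap_detect(const uint8_t *buf, size_t len, struct pcap_fmt *out) {
    if (len < FILE_HDR_LEN) return -1;
    for (int be = 0; be <= 1; be++) {       /* try little-endian, then big-endian */
        uint32_t magic = rd32(buf, be);
        if (magic == MAGIC_USEC || magic == MAGIC_NSEC) {
            out->big_endian = be; out->nsec = (magic == MAGIC_NSEC);
            return 0;
        }
    }
    return -1;
}

/* First record's time stamp in nanoseconds; microsecond files are scaled by 1000. */
int first_ts_ns(const uint8_t *buf, size_t len, uint64_t *ns) {
    struct pcap_fmt f;
    if (pcap_detect(buf, len, &f) != 0 || len < FILE_HDR_LEN + 8) return -1;
    uint32_t sec  = rd32(buf + FILE_HDR_LEN, f.big_endian);
    uint32_t frac = rd32(buf + FILE_HDR_LEN + 4, f.big_endian);
    if (frac >= (f.nsec ? 1000000000u : 1000000u)) return -1; /* fraction out of range */
    *ns = (uint64_t)sec * 1000000000u + (uint64_t)frac * (f.nsec ? 1u : 1000u);
    return 0;
}

/* Constructed sample: little-endian microsecond file, first record at 1 s + 500000 us. */
static const uint8_t sample_usec[FILE_HDR_LEN + 16] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    1,0,0,0, 0x20,0xa1,0x07,0x00, 0,0,0,0, 0,0,0,0 };

int main(void) {
    uint64_t ns;
    if (first_ts_ns(sample_usec, sizeof sample_usec, &ns) == 0)
        printf("first packet at %llu ns\n", (unsigned long long)ns);
    return 0;
}
```

A reader that keeps the detected `nsec` flag alongside the converted value can tell a true nanosecond capture from a microsecond one that was only scaled up.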

