Re: DLT_ request

[Scott Deandrea <sdeandrea () apple com>]

Yes, that's the behavior I have implemented in Wireshark and our internal tools. 

--scott

> On Jan 5, 2017, at 8:52 PM, Guy Harris <guy () alum mit edu> wrote:
>
> > On Jan 5, 2017, at 8:48 PM, Scott Deandrea <sdeandrea () apple com> wrote:
> >
> > The mach absolute time base is different between ARM and x86/x64 though developers won’t have access to packet 
> > capture on iOS devices (internally the packet capture is used on iOS devices).  The developers that would be using 
> > this software capture are familiar with the Mach Absolute Time format as it is the same values returned by the real 
> > software stack so I don’t see any need to change the format to nanoseconds.
>
> ...so a Wireshark dissector, or tcpdump printer, for these packets would presumably just show the time stamps as a 
> raw 64-bit value, without any interpretation, and leave it up to the person reading the capture to interpret it.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers