Re: Capture start time

[Guy Harris <guy () alum mit edu>]

On Mar 23, 2010, at 4:09 PM, Jaap Keuter wrote:

> Maybe file creation time can help you here.

...if you're running on an OS that supports a creation time (Windows, some but not all UN*Xes) and the file is on a 
file system that supports it.  (Wireshark currently doesn't attempt to get the creation time on any UN*X, and I don't 
think it does so on Windows, either.)

> What does pcap-ng has to offer in this respect?

The Interface Statistics Block has capture start time and capture end time options; that block appears to be intended 
to appear at the *end* of the capture, so if you're running a one-pass program, you can't display packet time stamps as 
"seconds since the capture started".

If there was a capture start time option for the Interface Description Block, that would be possible.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe