> On 06 Jun 2016, at 06:10, Marco Kwok <[email protected]> wrote: > > Hi Alfredo, > > After checkout the newest commit, I observed 1 fix needed and 3 behavioral > changes: > one more line need to be changed to have proper time stamp: > /userland/libpcap-1.7.4/pcap-linux.c > @@ -1709,7 +1709,7 @@ pcap_read_packet(pcap_t *handle, pcap_handler callback, > u_char *userdata) > caplen = pcap_header.caplen, packet_len = > pcap_header.len; > if (pcap_header.extended_hdr.timestamp_ns && > handle->opt.tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) { > pcap_header.ts.tv_sec = > pcap_header.extended_hdr.timestamp_ns / 1000000000; > - pcap_header.ts.tv_usec = > pcap_header.extended_hdr.timestamp_ns % 1000; > + pcap_header.ts.tv_usec = > pcap_header.extended_hdr.timestamp_ns % 1000000000; > Fixed, my mistake, thank you. > time stamp read by tcpdump different from wireshark > In wireshark, the time stamp is read correctly with nanosecond > precision. In tcpdump, the nanosecond fraction is a constant and vary > everytime we read the file.
I made more fixes now, please update, it should work as expected. > incorrect packet content and filter not applicable. What drivers are you using? Please update everything now as I made a few fixes in several places. Alfredo > The whole packet frame have wrong length and unable to decode > the correct content from MAC level. > Attached the pcap file captured. > Best, > Mark > > 2016-06-03 1:35 GMT+08:00 Alfredo Cardigliano <[email protected] > <mailto:[email protected]>>: > Hi Marco > you are right, the pcap header is nsec but the time in the packet header is > actually usec, thus wireshark treats it as nsec, > I made some changes to libpcap on github, please update and let me know if it > fixes this issue. > > Alfredo > > <c.pcap>_______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
