This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to add packettime in pcap header ?

0

Hi,

i am trying to generate pcap files from a collection of packet data. I put the global header and packet data correctly and it appeared correctly in wireshark. But the problem is with the arrival time of the packet, which is not getting as expected;

Can someone please describe how to create the first 8 bytes in the pcap header ?

I give the first 4 byte as seconds from 1970/1/1 till now and next 4 byte as 00 00 00 05.

asked 15 Jan '14, 22:44

Binu%20Babu's gravatar image

Binu Babu
26243
accept rate: 33%

edited 16 Jan '14, 00:09

which is not getting as expected

What are you expecting, and what are you getting?

(16 Jan '14, 18:22) Guy Harris ♦♦

I need to see the arrival time as 2013-01-15 02:00:00.000000000 in pcap file with wireshark. For this i took the seconds since 1970/1/1 till the same datetime as mentioned above and put in the pcap header(as first 4 byte). But its getting as wrong date in wireshark.

(16 Jan '14, 22:04) Binu Babu

What date do you get in Wireshark?

(16 Jan '14, 22:42) Guy Harris ♦♦

One Answer:

0

It is showing in date field as 'Not representable'.

Edit: Hi Guy Harris, I could trace the mistake ,that was in the magic number order. I used it as "D4 C3 B2 A1" and didn't swap the timestamp.Now its working fine by swapping the seconds in the pcap header.

answered 16 Jan '14, 22:52

Binu%20Babu's gravatar image

Binu Babu
26243
accept rate: 33%