Qual é a unidade de tempo usada em wireshark? como é calculado, em ms,s...? obrigado. (Or, for those who can't read Portuguese, a translation from Google Translate: What is the unit of time used in wireshark? how is it calculated in ms, s...? Thank you.) asked 29 Apr '11, 13:15  Guilherme edited 29 Apr '11, 18:05  Guy Harris ♦♦ |
One Answer:
Internally, Wireshark's units of time are nanoseconds. However, not all packet time stamps have nanosecond resolution; the time stamps in pcap files, for example, have microsecond resolution, and there's no guarantee that the time stamps are accurate to the microsecond. answered 29 Apr '11, 18:07 Guy Harris ♦♦ showing 5 of 6 show 1 more comments |
And how do you know the resolution?
You have to know the capture file format. Wireshark should provide that in the summary information, but doesn't.
Bem, não entendi muito. Os formatos são de arquivos html, mht, htm ... obrigado.
(In English: Well, I did not understand. The file formats are html, mht, htm ... Thank you.)
By "capture file format" I mean the format of the file you opened with Wireshark, not the format of the data transferred over the network in the capture. If you captured the traffic with Wireshark, the file format would be pcap format; that's also the format used by tcpdump and TShark.
Entendi. Então pelo formato pcap o tempo está em nanossegundo? Eu não tenho experiência nisso, estou aprendendo para um projeto de redes do curso técnico. obrigado.
(In English: Understood. So the time in pcap format is in nanoseconds? I have no experience with it, I'm learning to design a network of technical courses. Thank you.)
No, the time format in pcap files is in units of microseconds, except in captures from the tcpdump that is part of AIX. There is a modified pcap format that supports nanoseconds, but I don't know what uses it. (AIX doesn't use it, so Wireshark has to do some hacks to figure out whether the file is from AIX or not.)