Anyone had any experience with *.pcap manipulation libs?
Posted
by zxcvbnm
on Stack Overflow
See other posts from Stack Overflow
or by zxcvbnm
Published on 2010-04-03T00:16:57Z
Indexed on
2010/04/03
0:23 UTC
Read the original article
Hit count: 788
I'm using the SharpPcap + PacketDotNet libraries to process some .pcap files and came across a bug in the way the timestamps are calculated.
Take this Timeval property, which is something along these lines:
PosixTimeval Timeval
{
DateTime Date;
ulong Seconds;
ulong MicroSeconds;
}
The problem is as follows: Suppose you have a trace open in Wireshark with one of the packets with a timestamp of "0.002". Once you open it within one of your programs, it retrieves the packet and its Timeval is setup such that Seconds = 0
and MicroSeconds = 002 = 2
. This is done under the hood, so there is no way to avoid it as far as I can tell.
My question is if that problem is common to other libraries (and maybe all of them?) who manipulate the pcap file format, which I think are built around the same collection of c/c++ functions, or if this is a problem only with the ones I'm using.
© Stack Overflow or respective owner