I have been tasked with adding a feature to our TCP/IP monitor product, which runs under z/OS on IBM mainframes, that will allow a user to create a PCAPng file from packet trace data provided by the TCP/IP stack being monitored. The product also allows the user to create a PCAPng file from an existing z/OS packet trace file. The feature works quite well, but I have recently discovered that something is amiss with the timestamp in the EPB.

The time stamp is a 64-bit unsigned binary number taken from the z/Architecture TOD clock (sometimes called the STCK time). In Wireshark, if I choose one of the "Seconds since" time formats, the time displayed looks reasonable. However, if I choose a date and time of day format, the time field is blank. I'm confident that the timestamp field is being correctly populated with the timestamp from the packet trace header, suggesting that Wireshark is expecting something different from what I am giving it. I need to know what Wireshark expects to see.

This is an EPB as it appears in the PCAPng file I create. The time has been adjusted to make it relative to 1970.
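The conversion the post describes, from a TOD clock value to the EPB timestamp words, as an added example that is not part of the original post. It assumes the PCAPng default timestamp resolution of microseconds (no `if_tsresol` option on the interface) and ignores leap-second offsets; the function names and the sample TOD value are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Seconds between the TOD epoch (1900-01-01) and the Unix epoch (1970-01-01).
TOD_TO_UNIX_SECONDS = 2_208_988_800
EPB_BLOCK_TYPE = 0x00000006
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def tod_to_unix_us(tod: int) -> int:
    """Convert a 64-bit STCK value to microseconds since 1970.

    Bit 51 of the TOD clock ticks once per microsecond, so dropping the low
    12 bits gives microseconds since 1900. Leap seconds ignored (assumption).
    """
    if not 0 <= tod < 1 << 64:
        raise ValueError("TOD value must be an unsigned 64-bit integer")
    unix_us = (tod >> 12) - TOD_TO_UNIX_SECONDS * 1_000_000
    if unix_us < 0:
        raise ValueError("TOD value is earlier than 1970-01-01")
    return unix_us

def build_epb(tod: int, packet: bytes, interface_id: int = 0,
              endian: str = "<") -> bytes:
    """Build an Enhanced Packet Block with no options.

    The timestamp is one 64-bit count of microseconds since 1970, stored as
    a high and a low 32-bit word (not a seconds/microseconds pair).
    `endian` must match the byte order of the file's Section Header Block.
    """
    ts = tod_to_unix_us(tod)
    padded = packet + b"\x00" * (-len(packet) % 4)  # pad data to 32 bits
    total = 32 + len(padded)                        # 28 fixed + 4 trailer
    head = struct.pack(endian + "7I", EPB_BLOCK_TYPE, total, interface_id,
                       ts >> 32, ts & 0xFFFFFFFF, len(packet), len(packet))
    return head + padded + struct.pack(endian + "I", total)

def read_epb_time(block: bytes, endian: str = "<") -> datetime:
    """Recover the UTC time a reader would derive from an EPB (us units)."""
    block_type, _, _, high, low = struct.unpack_from(endian + "5I", block)
    if block_type != EPB_BLOCK_TYPE:
        raise ValueError("not an Enhanced Packet Block")
    return UNIX_EPOCH + timedelta(microseconds=(high << 32) | low)

# Constructed sample: TOD value for 2020-01-01 00:00:00.250000 UTC.
SAMPLE_TOD = ((1_577_836_800 + TOD_TO_UNIX_SECONDS) * 1_000_000 + 250_000) << 12

if __name__ == "__main__":
    epb = build_epb(SAMPLE_TOD, b"\x45\x00\x00")  # constructed 3-byte payload
    print(epb.hex(), read_epb_time(epb).isoformat())
```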