Re: wiretap - using as a library rather than coupled with Wireshark?

[Guy Harris <guy () alum mit edu>]

On Dec 3, 2015, at 3:12 PM, Guy Harris <guy () alum mit edu> wrote:

> On Dec 3, 2015, at 2:53 PM, Richard Kinder <rkinder () quantenna com> wrote:
>
> > From what I can see, peektagged has no TSF timestamp
>
> The "Peek tagged" format (to use WildPackets^WSavvius's name for it) *does* support TSF time stamps;

Sorry, my mistake.  What we currently parse are tags for the upper and lower 32 bits of "the time when the packet 
arrived", not any tags for the TSF time stamp.  0x000C and 0x000D *might* be a TSF time stamp, but, without a capture 
where *Peek identifies something as the TSF time stamp and gets the values from those two tags, we don't know that for 
sure.

If you can identify any of the unknown tag values (at least some of which we're pretty sure we know, but others are 
mysteries), that would be nice.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe