Re: Incorrect timestamp when using Airpcap

[Guy Harris <guy () alum mit edu>]

On Mar 4, 2015, at 9:08 AM, "Noel, Andre (6024395)" <andre.noel () bell ca> wrote:

> One of my colleague  have run into situations with Wireshark where it captures incorrect system time? Like 1970 for 
> the year???
> He loaded the airpcap feature on is home pc to capture wifi packets from his laptop as part of the HP / INTEL trouble 
> we have open. Commview captured time 11 minutes out, but Wireshark defaults back to 1970-01-01 for some reason…
>  
> I don’t see why he is have this issue.
>  
> He’s tried Wireshark V. 1.12.3 and backed down to V. 1.10.12. Both exhibit the same issue where date defaults to 
> 1970-01-01 or 1969-12-31. He has reset time zone, date and time on the workstation. The workstation  is also set to 
> update time via NTP

Has he tried WinDump:

        http://www.winpcap.org/windump/default.htm

If that also gives the same problem, as I suspect it will, this is probably either a problem with the AirPcap library 
or, if the time stamps come from the AirPcap hardware rather than the OS's kernel-level time stamp calls, with the 
AirPcap hardware; I suggest you contact Riverbed about this.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe