Wireshark mailing list archives
Re: changing the time
From: Natalie Shapira <nd1234 () gmail com>
Date: Thu, 31 Jan 2013 13:53:35 +0200
Hi Martin,

Thank you for your detailed answer. It helps out.

Natalie.

On Thu, Jan 31, 2013 at 11:58 AM, Martin Mathieson <martin.r.mathieson () googlemail com> wrote:

I don't know if overriding the time is a good idea - but I'm not sure what would go wrong.

You can add any field as a column by right-clicking on the field and choosing 'Apply as Column'. I do this with the log files my company uses - we have a timestamp field in our file format that ends up being dissected (see hf_catapult_dct2000_timestamp in packet-catapult-dct2000.c).

I find it tedious to try to analyse a file that is not in the correct order though, and it can interfere with sequence analysis that dissectors can do. If it is easy to find/parse the timestamp, I would consider writing a console wiretap program, based upon reordercap, that would:

- read the frames in, but overwriting the timestamp with a value derived from the timestamp parsed from your frames
- sort the frames by this timestamp
- write sorted frames to an output file

Of course, I don't really know what you are doing, and whether seeing the original capture time is also useful....

Martin

On Thu, Jan 31, 2013 at 5:42 AM, Natalie Shapira <nd1234 () gmail com> wrote:

Thanks. Eventually I override

pinfo->fd->rel_ts
pinfo->fd->del_dis_ts

It looks good. If I have problems again, I will create a separate column.

BTW, can you think of a dissector that did it (adding a column)? So I could use it as an example.

Natalie.

On Wed, Jan 30, 2013 at 2:44 PM, Evan Huus <eapache () gmail com> wrote:

You can add the new timestamp as a regular dissected field. Wireshark allows you to create columns out of arbitrary fields in dissected packets.

Cheers,
Evan

On Wed, Jan 30, 2013 at 4:51 AM, Natalie Shapira <nd1234 () gmail com> wrote:

Anyway, you gave me another idea. What about making a new column of my_timestamp and sorting by that column... Do I have the ability to add a new column from a dissector?

On Wed, Jan 30, 2013 at 11:46 AM, Natalie Shapira <nd1234 () gmail com> wrote:

I have no choice. It's a workaround for a hardware bug.

On Wed, Jan 30, 2013 at 11:05 AM, Anders Broman <anders.broman () ericsson com> wrote:

Hi,

Those are the timestamps of packet arrival; there should be no need to change them from a dissector - sounds like a bad idea to me.

Regards
Anders

________________________________
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Natalie Shapira
Sent: den 30 januari 2013 09:16
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] changing the time

Hi everybody,

It's my first question so, nice to meet you!

I'm writing a new dissector (plugin). I want to change the time of the packet. I tried to change pinfo->fd->rel_ts.secs and pinfo->fd->rel_ts.nsecs. It looks like I did it BUT, after sorting, not all packets are in the exact place.

Do you have an example, idea or any recommendation?

Thanks,
Natalie.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
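
The console program Martin Mathieson outlines in the thread above (read the frames, overwrite each timestamp with the one parsed from the frame, sort, write) is sketched here as an added example; it is not part of the original thread and is not derived from reordercap's source. It works directly on classic little-endian pcap bytes instead of going through wiretap, and the 8-byte big-endian seconds/microseconds frame prefix, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
EMBEDDED_TS = struct.Struct(">II")      # ASSUMED frame prefix: seconds, microseconds
MAGIC_USEC = 0xA1B2C3D4                 # classic pcap, microsecond resolution

def read_records(data):
    """Yield (ts_sec, ts_usec, orig_len, payload) for each record in a pcap byte string."""
    if len(data) < GLOBAL_HDR.size or GLOBAL_HDR.unpack_from(data)[0] != MAGIC_USEC:
        raise ValueError("not a little-endian microsecond pcap file")
    off = GLOBAL_HDR.size
    while off < len(data):
        if off + RECORD_HDR.size > len(data):
            raise ValueError("truncated record header")
        sec, usec, incl, orig = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + incl > len(data):
            raise ValueError("truncated record body")
        yield sec, usec, orig, data[off:off + incl]
        off += incl

def retime_and_sort(data):
    """Overwrite each record time with the embedded one, then sort by it."""
    frames = []
    for index, (sec, usec, orig, payload) in enumerate(read_records(data)):
        if len(payload) >= EMBEDDED_TS.size:
            emb_sec, emb_usec = EMBEDDED_TS.unpack_from(payload)
            if emb_usec < 1_000_000:      # otherwise keep the capture time
                sec, usec = emb_sec, emb_usec
        frames.append((sec, usec, index, orig, payload))
    frames.sort(key=lambda f: f[:3])      # original index breaks ties
    out = bytearray(data[:GLOBAL_HDR.size])
    for sec, usec, _, orig, payload in frames:
        out += RECORD_HDR.pack(sec, usec, len(payload), orig) + payload
    return bytes(out)

def build_sample():
    """Constructed capture: arrival order C, A, B; embedded times say A, B, C."""
    out = bytearray(GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, 147))  # 147 = LINKTYPE_USER0
    rows = [(100, 30, 0, b"C"), (101, 10, 500, b"A"), (102, 20, 0, b"B")]
    for cap_sec, emb_sec, emb_usec, body in rows:
        payload = EMBEDDED_TS.pack(emb_sec, emb_usec) + body
        out += RECORD_HDR.pack(cap_sec, 0, len(payload), len(payload)) + payload
    return bytes(out)

if __name__ == "__main__":
    for sec, usec, _, payload in read_records(retime_and_sort(build_sample())):
        print(f"{sec}.{usec:06d} {payload[EMBEDDED_TS.size:]!r}")
```

The rewritten file no longer carries the original arrival times, so keep the source capture alongside it when the arrival order matters for the analysis.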
Current thread:
- changing the time Natalie Shapira (Jan 30)
- Re: changing the time Anders Broman (Jan 30)
- Re: changing the time Natalie Shapira (Jan 30)
- Re: changing the time Natalie Shapira (Jan 30)
- Re: changing the time Evan Huus (Jan 30)
- Re: changing the time Natalie Shapira (Jan 30)
- Re: changing the time Martin Mathieson (Jan 31)
- Re: changing the time Natalie Shapira (Jan 31)
- Re: changing the time Natalie Shapira (Jan 30)
- Re: changing the time Anders Broman (Jan 30)