Wireshark mailing list archives
Re: adding IRIG time and time of day
From: "John Dill" <John.Dill () greenfieldeng com>
Date: Sat, 2 Nov 2013 19:36:02 -0400
Date: Fri, 1 Nov 2013 14:18:04 -0700 From: Guy Harris <guy () alum mit edu> To: Developer support list for Wireshark <wireshark-dev () wireshark org> Subject: Re: [Wireshark-dev] adding IRIG time and time of day Message-ID: <7D6992B1-A55A-45A6-948D-117DC8C29D22 () alum mit edu> Content-Type: text/plain; charset=iso-8859-1 On Nov 1, 2013, at 1:39 PM, John Dill <John.Dill () greenfieldeng com> wrote:I just finished installing the latest version of wireshark 1.10.2 and was able to build it successfully for Windows 7 using the recommended procedure in the developer's guide. One of the things that I'd like to tweak is to add an IRIG time of day to the list of Time Display Formats.Note that View -> Time Display Format controls the way packet time stamps are displayed, so the only formats that make sense are formats where you can >take a count of seconds and nanoseconds since January 1, 1970, 00:00:00 UTC and convert it to that format. Nothing else is implementable. If, however, the file contains IRIG time stamps *in addition to* the packet time stamp read by Wireshark, it might be possible to have an IRIG time >stamp column, separate from the "Time" column.The issue is that my packet stream is synchronized to an IRIG time code generator and would like to display the date in the following format. (day) hh:mm:ss.nnnnnnnnn The timestamp is populated with a time of day starting with day 1 as Jan 1 12:00:00am and wraps around at either day 365 or 366 which corresponds to >Dec 31, 11:59:59pm. One slight issue is that the IRIG time does not capture the year, so some method will be needed to specify whether the date the >leap year. I could use a heuristic like the date from the file, or use Ctrl + Alt + 8 to cycle between leap year and non-leap year displays. The data is not collected from Wireshark directly, but from an external board that uses a modified pcap driver (cpcap) that I use to stream >collected packets to file.What is the file format? Where does it store the IRIG time stamps?
The file is NTAR (another name for pcap-ng?). The software stores the 64-bit IRIG timestamp in the Timestamp (High)/Timestamp (Low) field of a Packet Block. It's injected into the packet stream from a 10-nanosecond resolution clock on the capture board that is synchronized to an external IRIG-B timecode. It's used to synchronize the time of the packet stream with ARINC 429 and MIL-STD-1553 data streams, which are also IRIG-B time coded. IRIG-B is a time format that is simply a count of seconds since Jan 1 at midnight UTC, not from 1970. +---------------------------------------------------------------+ 0 | Block Type = 0x00000006 | +---------------------------------------------------------------+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Interface ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Timestamp (High) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IRIG-B Timestamp 16 | Timestamp (Low) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 20 | Captured Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24 | Packet Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 / / / Packet Data / / /* variable length, aligned to 32 bits */ / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +---------------------------------------------------------------+ Isn't the time column displayed based on the contents of Timestamp (High)/Timestamp (Low)? I figure that adding another display option should be feasible to handle this special case. Everything looks fine when I use the UTC time without the date, but with a date it's wrong as it displays a date in 1970. Best regards, John D.
<<winmail.dat>>
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- adding IRIG time and time of day John Dill (Nov 01)
- Re: adding IRIG time and time of day Guy Harris (Nov 01)
- Re: adding IRIG time and time of day Guy Harris (Nov 04)
- Re: adding IRIG time and time of day Guy Harris (Nov 04)
- <Possible follow-ups>
- Re: adding IRIG time and time of day John Dill (Nov 02)
- Re: adding IRIG time and time of day Guy Harris (Nov 02)
- Re: adding IRIG time and time of day John Dill (Nov 04)
- Re: adding IRIG time and time of day John Dill (Nov 05)
- Re: adding IRIG time and time of day Guy Harris (Nov 05)
- Re: adding IRIG time and time of day John Dill (Nov 05)
- Re: adding IRIG time and time of day Guy Harris (Nov 06)
- Re: adding IRIG time and time of day John Dill (Nov 07)