Varuna De Silva wrote:
We also have another pertinent question to our case. This is the
timestamp question.
Now we read in two TDM lines i.e. TX and RX, the messages on these two
lines are
being Timestamped by the Hardware. But with our read function these
packets may be
read in at different times. But on the pcap_header we give the time
generated by the
HW.
But while doing so some thing like the following might take place. That
is a packet
captured at time 0 from the TX line might be read in and be callback()
after a packet
captured at time 1 from the RX line. But the original time stamp will be
given when it
is callback().
Now my question is that, will those packets be shown in the GUI
according to the
timestamp provided to it or according to the sequence of reading them
and doing
the callback().
If it uses the timestamp for this purpose of, displaying packets our
problem is solved.
In which case Wireshark has an internal Buffer? ( Please Correct me )
The GUI will (by default) sort by frame number (that is: the order in
which the packets were received by Wireshark). You can change the sort
order by clicking on, for example, the time stamp column.
Ultimately what we want is to show the correct flow diagram from the
Statistics -> Flow Graph... in wireshark.
Because if not the flow graph provides less useful information for us.
for example IAM message displayed after ACM, in a typical ISUP call setup.
Hmm, that will probably (don't know for sure) process the packets in the
order they are in the file (e.g., by frame number).
I'm not sure if one of the existing tools will let you rewrite a PCAP
file with a different sort order or not.
