Wireshark
Wireshark-dev: [Wireshark-dev] PCAP
From: "Nicholas Marra" <NMarra@xxxxxxxxxx>
Date: Mon, 9 Jun 2008 12:39:52 -0400
|
Hello, I’m adding a feature to a dissector I created that
compares the System PCAP timestamp with the Dissected Message Timestamp. The
goal is to compare the two timestamps and see if they are off by a certain amount
of time. I located the PCAP Timestamp within the dissect_frame function in the
packet-frame.c file. This is located in the wireshark/epan/dissectors
directory. The Message Timestamp is located in wireshark/plugins/dar. I included
the appropriate header files in both the packet-frame.c and my plugin c file. I
set a variable in both c files to store the value of the times. However, I have
been unable to get the variables to be set at the right time. I need the PCAP Timestamp
value to be passed to my plugin c file for use in my comparison. Does anyone
have any suggestions on how I may do this? ***Teletronics Technology Corporation*** Thank you. ******************************************************************* |
- Follow-Ups:
- Re: [Wireshark-dev] PCAP
- From: Jaap Keuter
- Re: [Wireshark-dev] PCAP
- From: Guy Harris
- Re: [Wireshark-dev] PCAP
- Prev by Date: [Wireshark-dev] How to call dissectors which are not registered (by register_dissector)?
- Next by Date: [Wireshark-dev] "tshark: This version of TShark was not built with support for capturing packets"
- Previous by thread: Re: [Wireshark-dev] How to call dissectors which are not registered (by register_dissector)?
- Next by thread: Re: [Wireshark-dev] PCAP
- Index(es):