ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: [Ethereal-dev] [Proposed Patch] netxray.c: display frame time reflecting TZ in c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Bill Meier" <wmeier@xxxxxxxxxxx>
Date: Sun, 15 Jan 2006 13:18:59 -0500
I've spent a little time working through how to use the TZ stored
in netxray (Windows Sniffer) capture files when displaying packet 
frame times.

I'd like to get some feedback if the following approach and patch
seem reasonable.


Background
----------
Windows Sniffer capture files (v2.2 and presumably v2.3) files have a
timezone field in the file header (in addition to the UTC time field). 
It would be nice for Ethereal to display frames for these files with a time 
which reflects the time (local) time of the capture even if the machine 
running Ethereal is in a different timezone that the machine which made the 
original capture.

Currently Ethereal displays frame times in the "local" time of the machine 
running Ethereal (using the C library function 'localtime').

So: if a capture is made in the EST timezone and then displayed on a machine
in the CST timezone the times displayed will be off (earlier) by one hour.

Proposal
--------
In netxray.c determine the UTC 'start_time' by using the UTC time from the 
file header adjusted by the difference in hours between the capture 
file TZ and the local machine TZ. 

In the above example this would mean adjusting the UTC time by adding one hour.

I've attached a patch for netxray.c which determines the timezone delta 
and then adjusts the UTC 'start_time' appropriately.

Again, all comments are welcome.


[[[
Another possible solution is to somehow 'adjust' the TZ being used by 'localtime' 
(setting the global variable used by 'localtime' ? ['timezone' or something similar ?]).

I didn't see a portable way to do this (although I'm certainly no expert on the
details of timezone implementation in various C runtime libraries).

(Doing something like this would also have the drawback of affecting all usage of
localtime within the program and not just for displaying the frame times).
]]]


Bill Meier


The following section of this message contains a file attachment
prepared for transmission using the Internet MIME message format.
If you are using Pegasus Mail, or any other MIME-compliant system,
you should be able to save it or view it from within your mailer.
If you cannot, please ask your system administrator for assistance.

   ---- File information -----------
     File:  netxray_timezone_patch.txt.gz
     Date:  15 Jan 2006, 11:56
     Size:  1248 bytes.
     Type:  Unknown

Attachment: netxray_timezone_patch.txt.gz
Description: Binary data

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube