
Wireshark-dev: [Wireshark-dev] adding IRIG time and time of day

From: "John Dill" <John.Dill@xxxxxxxxxxxxxxxxx>
Date: Fri, 1 Nov 2013 16:39:16 -0400
I just finished installing the latest version of wireshark 1.10.2 and was able to build it successfully for Windows 7 using the recommended procedure in the developer's guide.
 
One of the things that I'd like to tweak is to add an IRIG time of day to the list of Time Display Formats.
 
View -> Time Display Format -> IRIG Time of Day (Ctrl + Alt + 8)
 
The issue is that my packet stream is synchronized to an IRIG time code generator, and I would like to display the date in the following format.
 
(day) hh:mm:ss.nnnnnnnnn
 
The timestamp is populated with a time of day starting with day 1 as Jan 1 12:00:00am and wraps around at either day 365 or 366, which corresponds to Dec 31, 11:59:59pm.  One slight issue is that the IRIG time does not capture the year, so some method will be needed to specify whether the date falls in a leap year. I could use a heuristic like the date from the file, or use Ctrl + Alt + 8 to cycle between leap year and non-leap year displays.
 
The data is not collected from Wireshark directly, but from an external board that uses a modified pcap driver (cpcap) that I use to stream collected packets to file.
 
The Wireshark developer's guide recommended that I start here, so if there are any tips to start with, that would be great.
 
---
 
What I'm eventually after is the ability to specify an IRIG timestamp range to load a time slice from the packet stream, as the traffic files I work with are in the 5-20 GB range and make it impossible to use Wireshark to inspect them except for a small fraction at the beginning (unless there is a method I'm not familiar with, as I'm not an expert at using Wireshark).  I could write an external tool to parse the packet block structure to create a copy of the file by removing any packet blocks outside the time range, but having it incorporated into Wireshark would make it more convenient to use.
 
I'm pretty familiar with C, somewhat familiar with the ntar file format, but completely new to the Wireshark development environment, so any pointers will be appreciated.
 
Thanks for any feedback.
 
Best regards,
John D.
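The conversion the post describes (epoch timestamp to "(day) hh:mm:ss.nnnnnnnnn", the year supplied separately to settle the day-365/366 question, and a day-of-year range used to select a time slice) as an added, stand-alone C example. This is not code from the post or from Wireshark's time-display or wiretap code; the struct and function names (irig_tod, irig_format, irig_parse, irig_to_epoch, irig_in_slice) are hypothetical, the sample timestamps are constructed, and it uses gmtime() rather than Wireshark's own time helpers. Day 366 is rejected unless the caller's chosen year is a leap year, which is the edge case the post raises.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* IRIG-style time of day as described in the post: day 1 is Jan 1 and
 * day 365 (366 in a leap year) is Dec 31. The year is not carried, so
 * the caller must supply one when converting back to an absolute time.
 * Hypothetical type, not Wireshark's. */
struct irig_tod {
    int  day;           /* 1..366 */
    int  hh, mm, ss;
    long ns;            /* 0..999999999 */
};

static int is_leap(int year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Format a UTC epoch second plus nanoseconds (pcapng timestamps, or pcap
 * ts_sec/ts_usec with usec * 1000) as "(ddd) hh:mm:ss.nnnnnnnnn".
 * Returns 0 on success, -1 if the fraction is out of range or out is too small. */
int irig_format(time_t secs, long nsec, char *out, size_t outlen)
{
    struct tm *tm;
    int n;
    if (nsec < 0 || nsec > 999999999L)
        return -1;
    tm = gmtime(&secs);          /* not thread-safe; enough for an example */
    if (tm == NULL)
        return -1;
    /* tm_yday is 0-based (0 = Jan 1); IRIG counts from 1. */
    n = snprintf(out, outlen, "(%03d) %02d:%02d:%02d.%09ld",
                 tm->tm_yday + 1, tm->tm_hour, tm->tm_min, tm->tm_sec, nsec);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Parse "(ddd) hh:mm:ss.n..." with 1 to 9 fractional digits (fraction
 * optional). Returns 0 on success, -1 on malformed or out-of-range input. */
int irig_parse(const char *s, struct irig_tod *t)
{
    int consumed = 0, digits = 0;
    long scale = 100000000L;
    if (sscanf(s, "(%3d) %2d:%2d:%2d%n", &t->day, &t->hh, &t->mm, &t->ss,
               &consumed) != 4)
        return -1;
    s += consumed;
    t->ns = 0;
    if (*s == '.') {
        for (s++; isdigit((unsigned char)*s); s++, digits++) {
            if (digits == 9)
                return -1;           /* finer than nanoseconds: reject */
            t->ns += (*s - '0') * scale;
            scale /= 10;
        }
        if (digits == 0)
            return -1;               /* "." with no digits */
    }
    if (*s != '\0')
        return -1;                   /* trailing junk */
    if (t->day < 1 || t->day > 366 || t->hh < 0 || t->hh > 23 ||
        t->mm < 0 || t->mm > 59 || t->ss < 0 || t->ss > 59)
        return -1;
    return 0;
}

/* Convert an IRIG time of day to a UTC epoch second using the year the
 * caller picked (e.g. from the capture file's date). Day 366 is only valid
 * in a leap year. Returns 0 and fills *secs on success, -1 on error. */
int irig_to_epoch(const struct irig_tod *t, int year, time_t *secs)
{
    long days = 0;
    int y;
    if (year < 1970 || t->day < 1 || t->day > (is_leap(year) ? 366 : 365))
        return -1;
    for (y = 1970; y < year; y++)
        days += is_leap(y) ? 366 : 365;
    days += t->day - 1;
    *secs = (time_t)days * 86400 + t->hh * 3600L + t->mm * 60 + t->ss;
    return 0;
}

/* Time-slice check: is (secs, nsec) within [start, end], both given as IRIG
 * strings interpreted in `year`? 1 = inside, 0 = outside, -1 = bad bound. */
int irig_in_slice(time_t secs, long nsec, const char *start, const char *end,
                  int year)
{
    struct irig_tod a, b;
    time_t sa, sb;
    if (irig_parse(start, &a) || irig_parse(end, &b) ||
        irig_to_epoch(&a, year, &sa) || irig_to_epoch(&b, year, &sb))
        return -1;
    if (secs < sa || (secs == sa && nsec < a.ns)) return 0;
    if (secs > sb || (secs == sb && nsec > b.ns)) return 0;
    return 1;
}

int main(void)
{
    char buf[32];
    /* Constructed sample: 2012-12-31 23:59:59.999999999 UTC (a leap year). */
    irig_format((time_t)1356998399, 999999999L, buf, sizeof buf);
    printf("%s\n", buf);
    printf("in slice: %d\n", irig_in_slice((time_t)1356998399, 0,
           "(366) 00:00:00", "(366) 23:59:59.5", 2012));
    return 0;
}
```

A slicing tool built on this would read each packet block, run irig_in_slice() on its timestamp, and copy only the blocks that return 1; passing the wrong year is caught when a day-366 bound is given for a non-leap year (irig_in_slice() returns -1 rather than silently shifting every packet by a day).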