Ethereal-dev: Re: [Ethereal-dev] Read timestamp from package header...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 30 Oct 2002 12:08:16 -0800

On Wed, Oct 30, 2002 at 10:28:05AM +0100, PCS-GAST 3 wrote:
> I need help to parse the ethereal capture file. I want to know how I read the
> measure-timestamp for any IP package. I need to know how I can decode
> year/month/day hh/mm/ss/ms... from a single frame to use this in another
> application.

There are a couple of ways of doing this.

Ethereal capture files are in libpcap format, which is the same format
that tcpdump uses.  There is a library, which tcpdump uses to read
capture files, called, well, "libpcap" - you can just write a program
that opens the capture file using "pcap_open_offline()" and reads them
with "pcap_loop()".

If you do that, decoding the contents of the packet is the
responsibility of your program; libpcap just provides you with the raw
packet data as an array of bytes.

Alternatively, you could run either Tethereal or tcpdump on the capture
file and parse the output of the program.
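
Added example, not part of the original post: a C sketch that pulls the per-frame timestamp out of a libpcap-format capture by reading the file's record headers directly instead of calling libpcap, and formats it as year/month/day hh:mm:ss.ms in UTC. The function name frame_timestamp and the sample bytes are constructed for illustration; only the classic microsecond-resolution format is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

static const uint8_t sample[] = {  /* constructed: global header + two dummy frames */
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00,
    /* per frame: ts_sec, ts_usec, caplen, len, then caplen bytes of data */
    0x30,0x3c,0xc0,0x3d, 0x40,0xe2,0x01,0x00, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef,
    0x31,0x3c,0xc0,0x3d, 0x88,0x13,0x00,0x00, 4,0,0,0, 4,0,0,0, 0xca,0xfe,0xba,0xbe,
};

/* Read a 32-bit field in the byte order the capturing host used. */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Format the capture time (UTC) of frame `want` (0-based) into out.
 * Returns 0 on success, -1 if the file is malformed or the frame is absent. */
int frame_timestamp(const uint8_t *buf, size_t len, unsigned want, char *out, size_t outlen) {
    if (len < 24) return -1;                     /* global header is 24 bytes */
    int be = rd32(buf, 1) == 0xa1b2c3d4u;        /* the magic number decides byte order */
    if (!be && rd32(buf, 0) != 0xa1b2c3d4u) return -1;
    size_t off = 24;
    for (unsigned i = 0; len - off >= 16; i++) { /* each record header is 16 bytes */
        uint32_t sec = rd32(buf + off, be), usec = rd32(buf + off + 4, be);
        uint32_t caplen = rd32(buf + off + 8, be);
        if (caplen > len - off - 16) return -1;  /* never trust a length from the file */
        if (i == want) {
            time_t t = (time_t)sec;
            struct tm *tm = gmtime(&t);
            if (!tm || usec >= 1000000u) return -1;
            snprintf(out, outlen, "%04d/%02d/%02d %02d:%02d:%02d.%03u",
                     tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
                     tm->tm_hour, tm->tm_min, tm->tm_sec, (unsigned)(usec / 1000));
            return 0;
        }
        off += 16 + caplen;                      /* skip to the next record */
    }
    return -1;
}

int main(void) {
    char s[32];
    for (unsigned i = 0; frame_timestamp(sample, sizeof sample, i, s, sizeof s) == 0; i++)
        printf("frame %u: %s\n", i, s);
    return 0;
}
```

With libpcap itself, the same two values arrive in the "ts" member of the struct pcap_pkthdr handed to the pcap_loop() callback, so only the formatting step is needed.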