Ethereal-dev: Re: [Ethereal-dev] How to read/import and display capture files with 1ns timesta

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 24 Aug 2005 12:53:29 +0200

Ethereal development <ethereal-dev@xxxxxxxxxxxx> schrieb am 24.08.05 11:22:17:
> 
> Using a separate path for writing packets in live captures would avoid 
> that.  That's the reason I mentioned the capture code path.

I would think that this is simply a different task, nonetheless desireable.

> 
> >Having a look at the implementation, I've just added a new function (in my personal tree) to read the current timestamp resolution from wiretap (in the format provided by the NTAR spec, therefore the questions).
> >  
> >
> That'd be another way to do it, which would avoid the overhead referred 
> to before (although, as per my comments about radio headers, I'd still 
> eventually like to go with a separate path for writing packets in live 
> captures).
> 

I will keep this idea for now as I would think this is the fastest way to get things done.

> >This way I'm now looking for a way to change the display to be corresponding to the file content.
> >
> Probably the best way to do that would be to convert time stamps to 
> nstime_t's in Ethereal and Tethereal at the time the packets are read 
> from Wiretap.  

Yes, that would be a good idea, I'll have a look.

> You might also want to supply time stamp significant 
> figure information as well, so you don't, for example, display with 9 
> digits after the decimal point time stamps with only 6 significant 
> digits after the decimal point; unfortunately, pcap-NG has no option 
> time stamp precision - and I'm not sure any packet capture information 
> supplies the *true* resolution of time stamps.

There are a *lot* of places (e.g. some timestamps in statistics) where these values are used, I must have a look at all those places.

> 
> >Simply changing the magic value or DLT_ (or alike) would be enough, no further changes to the file format required.
> >  
> >
> As per other mail, the magic number is the thing to change; the time 
> resolution isn't connected with the type of link-layer header in the 
> capture, the latter being with the DLT_ specifies.
> 

Ok, now I got it. Changing the magic number is the right way, could you supply me with a new one, as the "other one" doesn't seem to respond to your mail.

Regards, ULFL
_________________________________________________________________________
Mit der Gruppen-SMS von WEB.DE FreeMail können Sie eine SMS an alle 
Freunde gleichzeitig schicken: http://freemail.web.de/features/?mc=021179