Wireshark-dev: Re: [Wireshark-dev] [PATCH] USB setup hdr

From: Paolo Abeni <paolo.abeni@xxxxxxxx>
Date: Sun, 15 Oct 2006 12:23:00 +0200
Hello,

On Sat, 2006-10-14 at 21:42 +0000, ronnie sahlberg wrote:
> In the example capture unplug_mouse2.cap
> it appears that the timestamp for the packet is not generated properly.
> All packets show up as JAN 1 1970.
> 
> 1, Can you have a look at the timestamp generation of packets when capturing.

The issue is that current kernel code provides the timestamp compressing
a struct timeval in only 32 bits; 8 bits for tv_sec field and 24 for
tv_usec. There is some buzz on the lkml to update the usbmon module;
perhaps this is going to be fixed.

> 2, Can you provide some more example captures we can use to continue
> to refine the dissector?
> I would be interested in a capture that contains traffic when a memory
> stick is attached and a file is created/written to the memory stick
> so I can see all layers that need to be implemented before we can plug
> it into the current SCSI dissector.

I'll provide new capture samples ASAP. Not too soon, because until
Wednesday I will be busy.

> 5, Can you also provide example captures with bluetooth and the new
> libpcap file format?
> (and a patch to wireshark to read these new files)

There is no new libpcap format. The only think new is the data link type
(DLT_BLUETOOTH_H4). A libwritetap patch has been yet merged to support
this data link type, so Wireshark will read the bluetooth dump with no
additional patch.

Best regards,

Paolo