Wireshark-dev: [Wireshark-dev] PCAP

From: "Nicholas Marra" <NMarra@xxxxxxxxxx>
Date: Mon, 9 Jun 2008 12:39:52 -0400

Hello,

 

I’m adding a feature to a dissector I created that compares the System PCAP timestamp with the Dissected Message Timestamp. The goal is to compare the two timestamps and see if they are off by a certain amount of time. I located the PCAP Timestamp within the dissect_frame function in the packet-frame.c file. This is located in the wireshark/epan/dissectors directory. The Message Timestamp is located in wireshark/plugins/dar. I included the appropriate header files in both the packet-frame.c and my plugin c file. I set a variable in both c files to store the value of the times. However, I have been unable to get the variables to be set at the right time. I need the PCAP Timestamp value to be passed to my plugin c file for use in my comparison. Does anyone have any suggestions on how I may do this?

 

 

 

 

***Teletronics Technology Corporation***
This e-mail is confidential and may also be privileged.  If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. 

Thank you.

*******************************************************************