Wireshark-dev: [Wireshark-dev] time question

From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Apr 2010 10:41:47 -0400

Wiresharkers

I am trying to dissect the time in a particular packet. Here is it's format:

"The time is the source computer's system time in Greenwich Mean Time (GMT)." The size is 32 bits or 4 bytes.

What is the best method to use to dissect this time..?? I tired this...but did not have any luck:

                       nstime_t t;
                       guint64 msecs_since_the_epoch;
                       struct tm *tmp;
                       msecs_since_the_epoch = tvb_get_ntoh64(tvb, offset);
                       t.secs = msecs_since_the_epoch / 1000;
t.nsecs = (msecs_since_the_epoch % 1000)*1000000; /* milliseconds to nanoseconds */
                       tmp = gmtime(&t.secs);

                   if (tmp != NULL)
                       {
proto_tree_add_time_format(time_sub_tree, hf_helen_time, tvb, offset, 4, &t, "Date: %s %2d, %d %02d:%02d:%02d UTC", mon_names[tmp->tm_mon], tmp->tm_mday, tmp->tm_year + 1900, tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
                       }
                       offset += 4




Also...I am trying to dissect longitude, latitude and altitude. Here is it's format. The size is also 32 bits or 4 bytes.

The <latitude>, <longitude>, and <altitude> fields contain values corresponding to GPS information for the MGEN source if it was available. The <latitude> and <longitude> fields are encoded as follows:

<fieldValue> = (unsigned long)((<actualValue>+180.0)*60000.0)

The <altitude> field is the direct representation of the altitude value available from the source's GPS system.

I tried this but had no luck:

           longitude = tvb_get_ntoh64(tvb, offset);
           longitude = (longitude+180)*60000;
proto_tree_add_uint_format(mgen_sub_tree, hf_helen_length, tvb, offset, 4, 0,
                 "Longitude: %f", longitude);
           offset += 4;



Thanks,
Brian