Ethereal-dev: Re: [Ethereal-dev] How to read/import and display capture files with 1ns timesta
Ethereal development <ethereal-dev@xxxxxxxxxxxx> schrieb am 24.08.05 11:22:17:
>
> Using a separate path for writing packets in live captures would avoid
> that. That's the reason I mentioned the capture code path.
I would think that this is simply a different task, nonetheless desireable.
>
> >Having a look at the implementation, I've just added a new function (in my personal tree) to read the current timestamp resolution from wiretap (in the format provided by the NTAR spec, therefore the questions).
> >
> >
> That'd be another way to do it, which would avoid the overhead referred
> to before (although, as per my comments about radio headers, I'd still
> eventually like to go with a separate path for writing packets in live
> captures).
>
I will keep this idea for now as I would think this is the fastest way to get things done.
> >This way I'm now looking for a way to change the display to be corresponding to the file content.
> >
> Probably the best way to do that would be to convert time stamps to
> nstime_t's in Ethereal and Tethereal at the time the packets are read
> from Wiretap.
Yes, that would be a good idea, I'll have a look.
> You might also want to supply time stamp significant
> figure information as well, so you don't, for example, display with 9
> digits after the decimal point time stamps with only 6 significant
> digits after the decimal point; unfortunately, pcap-NG has no option
> time stamp precision - and I'm not sure any packet capture information
> supplies the *true* resolution of time stamps.
There are a *lot* of places (e.g. some timestamps in statistics) where these values are used, I must have a look at all those places.
>
> >Simply changing the magic value or DLT_ (or alike) would be enough, no further changes to the file format required.
> >
> >
> As per other mail, the magic number is the thing to change; the time
> resolution isn't connected with the type of link-layer header in the
> capture, the latter being with the DLT_ specifies.
>
Ok, now I got it. Changing the magic number is the right way, could you supply me with a new one, as the "other one" doesn't seem to respond to your mail.
Regards, ULFL
_________________________________________________________________________
Mit der Gruppen-SMS von WEB.DE FreeMail können Sie eine SMS an alle
Freunde gleichzeitig schicken: http://freemail.web.de/features/?mc=021179