Ethereal-users: Re: [Ethereal-users] tethereal not showing timestamp?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 6 Nov 2000 01:15:32 -0800
On Tue, Oct 31, 2000 at 12:19:16PM +1100, Jesus M. Salvo Jr. wrote: > Using tethereal without -V, i get a (null) timestamp, like this (save > for the IP address which I xxx out ) TCP handshake below: > > 1 (null) x.x.x.x -> x.x.x.x TCP 48557 > https [SYN] > Seq=3902676461 Ack=0 Win=8760 Len=0 > 2 (null) x.x.x.x -> x.x.x.x TCP https > 48557 [SYN, ACK] > Seq=225431041 Ack=3902676462 Win=32000 Len=0 > 3 (null) x.x.x.x -> x.x.x.x TCP 48557 > https [ACK] > Seq=3902676462 Ack=225431042 Win=8760 Len=0 You probably changed the display columns not to show a time stamp. That doesn't work in the current version of Tethereal, as it always tries to print the same columns, *but* other code thinks the time stamp isn't needed and doesn't fill it in for the printing code in Tethereal to print. ... > Also, is tethereal supposed to use the same display columns in ethereal? > My modified display columns in ethereal only works in ethereal and not > in tethereal. Is there a way to modify the display columns in tethereal? Not in the current version of Tethereal. The attached patch will cause Tethereal to print the columns specified for Ethereal (except that it'll leave the frame number out if you're doing a live capture and printing rather than saving the result; that column's value probably isn't useful, as you're not saving the capture to a file, and thus will never be able to look at that packet in more detail later - neither snoop nor tcpdump print a frame number). There's no way to change, from the command line, the columns to be printed - you either have to fire up Ethereal and edit the list of columns there (and save the preferences afterwards!), or edit the preferences file by hand (there's currently no documentation for that). Those for whom such a feature would be useful might consider implementing it and sending the code to us, or, if they're not programmers, finding somebody to implement it and send the code to us.
Index: tethereal.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/tethereal.c,v
retrieving revision 1.54
diff -c -r1.54 tethereal.c
*** tethereal.c 2000/11/01 08:31:33 1.54
--- tethereal.c 2000/11/06 09:08:04
***************
*** 122,128 ****
union wtap_pseudo_header *, const u_char *);
static void wtap_dispatch_cb_print(u_char *, const struct wtap_pkthdr *, int,
union wtap_pseudo_header *, const u_char *);
- static gchar *col_info(frame_data *, gint);
packet_info pi;
capture_file cfile;
--- 122,127 ----
***************
*** 921,928 ****
frame_data fdata;
proto_tree *protocol_tree;
gboolean passed;
! print_args_t print_args;
epan_dissect_t *edt;
cf->count++;
--- 920,928 ----
frame_data fdata;
proto_tree *protocol_tree;
gboolean passed;
! print_args_t print_args;
epan_dissect_t *edt;
+ int i;
cf->count++;
***************
*** 960,985 ****
} else {
/* Just fill in the columns. */
fill_in_columns(&fdata);
! if (cf->iface == NULL) {
! printf("%3s %10s %12s -> %-12s %s %s\n",
! col_info(&fdata, COL_NUMBER),
! col_info(&fdata, COL_CLS_TIME),
! col_info(&fdata, COL_DEF_SRC),
! col_info(&fdata, COL_DEF_DST),
! col_info(&fdata, COL_PROTOCOL),
! col_info(&fdata, COL_INFO));
! } else {
! printf("%12s -> %-12s %s %s\n",
! col_info(&fdata, COL_DEF_SRC),
! col_info(&fdata, COL_DEF_DST),
! col_info(&fdata, COL_PROTOCOL),
! col_info(&fdata, COL_INFO));
}
}
if (print_hex) {
print_hex_data(stdout, print_args.format, buf,
fdata.cap_len, fdata.flags.encoding);
! printf("\n");
}
fdata.cinfo = NULL;
}
--- 960,1149 ----
} else {
/* Just fill in the columns. */
fill_in_columns(&fdata);
!
! /* Now print them. */
! for (i = 0; i < cf->cinfo.num_cols; i++) {
! switch (cf->cinfo.col_fmt[i]) {
! case COL_NUMBER:
! /*
! * Don't print this if we're doing a live capture from a network
! * interface - if we're doing a live capture, you won't be
! * able to look at the capture in the future (it's not being
! * saved anywhere), so the frame numbers are unlikely to be
! * useful.
! *
! * (XXX - it might be nice to be able to save and print at
! * the same time, sort of like an "Update list of packets
! * in real time" capture in Ethereal.)
! */
! if (cf->iface != NULL)
! continue;
! printf("%3s", cf->cinfo.col_data[i]);
! break;
!
! case COL_CLS_TIME:
! case COL_REL_TIME:
! case COL_ABS_TIME:
! case COL_ABS_DATE_TIME: /* XXX - wider */
! printf("%10s", cf->cinfo.col_data[i]);
! break;
!
! case COL_DEF_SRC:
! case COL_RES_SRC:
! case COL_UNRES_SRC:
! case COL_DEF_DL_SRC:
! case COL_RES_DL_SRC:
! case COL_UNRES_DL_SRC:
! case COL_DEF_NET_SRC:
! case COL_RES_NET_SRC:
! case COL_UNRES_NET_SRC:
! printf("%12s", cf->cinfo.col_data[i]);
! break;
!
! case COL_DEF_DST:
! case COL_RES_DST:
! case COL_UNRES_DST:
! case COL_DEF_DL_DST:
! case COL_RES_DL_DST:
! case COL_UNRES_DL_DST:
! case COL_DEF_NET_DST:
! case COL_RES_NET_DST:
! case COL_UNRES_NET_DST:
! printf("%-12s", cf->cinfo.col_data[i]);
! break;
!
! default:
! printf("%s", cf->cinfo.col_data[i]);
! break;
! }
! if (i != cf->cinfo.num_cols - 1) {
! /*
! * This isn't the last column, so we need to print a
! * separator between this column and the next.
! *
! * If we printed a network source and are printing a
! * network destination of the same type next, separate
! * them with "->"; if we printed a network destination
! * and are printing a network source of the same type
! * next, separate them with "<-"; otherwise separate them
! * with a space.
! */
! switch (cf->cinfo.col_fmt[i]) {
!
! case COL_DEF_SRC:
! case COL_RES_SRC:
! case COL_UNRES_SRC:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_DST:
! case COL_RES_DST:
! case COL_UNRES_DST:
! printf(" -> ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! case COL_DEF_DL_SRC:
! case COL_RES_DL_SRC:
! case COL_UNRES_DL_SRC:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_DL_DST:
! case COL_RES_DL_DST:
! case COL_UNRES_DL_DST:
! printf(" -> ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! case COL_DEF_NET_SRC:
! case COL_RES_NET_SRC:
! case COL_UNRES_NET_SRC:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_NET_DST:
! case COL_RES_NET_DST:
! case COL_UNRES_NET_DST:
! printf(" -> ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! case COL_DEF_DST:
! case COL_RES_DST:
! case COL_UNRES_DST:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_SRC:
! case COL_RES_SRC:
! case COL_UNRES_SRC:
! printf(" <- ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! case COL_DEF_DL_DST:
! case COL_RES_DL_DST:
! case COL_UNRES_DL_DST:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_DL_SRC:
! case COL_RES_DL_SRC:
! case COL_UNRES_DL_SRC:
! printf(" <- ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! case COL_DEF_NET_DST:
! case COL_RES_NET_DST:
! case COL_UNRES_NET_DST:
! switch (cf->cinfo.col_fmt[i + 1]) {
!
! case COL_DEF_NET_SRC:
! case COL_RES_NET_SRC:
! case COL_UNRES_NET_SRC:
! printf(" <- ");
! break;
!
! default:
! putchar(' ');
! break;
! }
! break;
!
! default:
! putchar(' ');
! break;
! }
! }
}
}
+ putchar('\n');
if (print_hex) {
print_hex_data(stdout, print_args.format, buf,
fdata.cap_len, fdata.flags.encoding);
! putchar('\n');
}
fdata.cinfo = NULL;
}
***************
*** 1133,1150 ****
snprintf(err_msg, sizeof err_msg, file_open_error_message(err, FALSE), fname);
fprintf(stderr, "tethereal: %s\n", err_msg);
return (err);
- }
-
- /* Get the text in a given column */
- static gchar *
- col_info(frame_data *fd, gint el) {
- int i;
-
- if (fd->cinfo) {
- for (i = 0; i < fd->cinfo->num_cols; i++) {
- if (fd->cinfo->fmt_matx[i][el])
- return fd->cinfo->col_data[i];
- }
- }
- return NULL;
}
--- 1297,1300 ----
Index: doc/tethereal.pod.template
===================================================================
RCS file: /usr/local/cvsroot/ethereal/doc/tethereal.pod.template,v
retrieving revision 1.19
diff -c -r1.19 doc/tethereal.pod.template
*** doc/tethereal.pod.template 2000/11/01 08:31:35 1.19
--- doc/tethereal.pod.template 2000/11/06 09:08:05
***************
*** 50,62 ****
to the file specified by that flag.
When printing a decoded form of packets, B<Tethereal> prints, by
! default, a summary line giving a time stamp for the packet if it's
! reading a capture file (but not if it's printing packets as it captures
! them), the source and destination address for the packet, the top-level
! protocol for the packet that B<Tethereal> understands, and a summary of
! the packet's contents for that protocol. If the B<-V> flag is
! specified, it prints intead a protocol tree, showing all the fields of
! all protocols in the packet.
When writing packets to a file, B<Tethereal>, by default, writes the
file in B<libpcap> format, and writes all of the packets it sees to the
--- 50,62 ----
to the file specified by that flag.
When printing a decoded form of packets, B<Tethereal> prints, by
! default, a summary line containing the fields specified by the
! preferences file (which are also the fields displayed in the packet list
! pane in B<Ethereal>), although if it's printing packets as it captures
! them, rather than printing packets from a saved capture file, it won't
! print the "frame number" field. If the B<-V> flag is specified, it
! prints intead a protocol tree, showing all the fields of all protocols
! in the packet.
When writing packets to a file, B<Tethereal>, by default, writes the
file in B<libpcap> format, and writes all of the packets it sees to the
- Prev by Date: Re: [Ethereal-users] Enqiury about license
- Next by Date: [Ethereal-users] Filtering records
- Previous by thread: Re: [Ethereal-users] Enqiury about license
- Next by thread: [Ethereal-users] Filtering records
- Index(es):
