Wireshark-dev: Re: [Wireshark-dev] time question
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Anders Broman <a.broman@xxxxxxxxx>
Date: Thu, 08 Apr 2010 20:37:18 +0200
Brian Oleksa skrev 2010-04-08 16:41:

Wiresharkers

I am trying to dissect the time in a particular packet. Here is it's format:

"The time is the source computer's system time in Greenwich Mean Time
(GMT)." The size is 32 bits or 4 bytes.

What is the best method to use to dissect this time..?? I tired
this...but did not have any luck:

                         nstime_t t;
                         guint64 msecs_since_the_epoch;
                         struct tm *tmp;
                         msecs_since_the_epoch = tvb_get_ntoh64(tvb, offset);

Well you are fetching 8 bytes not four...

                         t.secs = msecs_since_the_epoch / 1000;
                         t.nsecs = (msecs_since_the_epoch %
1000)*1000000; /* milliseconds to nanoseconds */
                         tmp = gmtime(&t.secs);

                     if (tmp != NULL)
                         {
                         proto_tree_add_time_format(time_sub_tree,
hf_helen_time, tvb, offset, 4,&t,
                                 "Date: %s %2d, %d %02d:%02d:%02d UTC",
mon_names[tmp->tm_mon], tmp->tm_mday,
                                 tmp->tm_year + 1900, tmp->tm_hour,
tmp->tm_min, tmp->tm_sec);
                         }
                         offset += 4




Also...I am trying to dissect longitude, latitude and altitude. Here is
it's format. The size is also 32 bits or 4 bytes.

The<latitude>,<longitude>, and<altitude>  fields contain values
corresponding to GPS information for the MGEN source if it was
available. The<latitude>  and<longitude>  fields are encoded as follows:

<fieldValue>  = (unsigned long)((<actualValue>+180.0)*60000.0)

The<altitude>  field is the direct representation of the altitude value
available from the source's GPS system.

I tried this but had no luck:

             longitude = tvb_get_ntoh64(tvb, offset);

Well you are fetching 8 bytes not four...

             longitude = (longitude+180)*60000;

Assuming the field on the wire is encoded as:

<fieldValue>  = (unsigned long)((<actualValue>+180.0)*60000.0)

shouldn't that be (double)actualValue= (longitude/60000.0)-180

             proto_tree_add_uint_format(mgen_sub_tree, hf_helen_length,
tvb, offset, 4, 0,
                   "Longitude: %f", longitude);
             offset += 4;



Thanks,
Brian






___________________________________________________________________________
Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe