Attached is a small patch to make the dissection of ICMP timestamp
requests and replies human readable. Currently, Ethereal displays the
raw values from the packet of milliseconds since midnight UTC, for
example: 78176394. This patch changes the display of milliseconds to a
human readable string, for example: "21 hours, 35 minutes, 48.12 seconds
since midnight UTC".
It can be tested with "ping -M time <hostname>" on FreeBSD, "ping -T
tsonly <hostname>" on Linux, or a time synchronization program such as
Tardis 2000 for Windows with the ICMP Timestamp setting.
Steve
--- epan/dissectors/packet-ip.c (revision 18189)
+++ epan/dissectors/packet-ip.c (working copy)
@@ -54,6 +54,7 @@
#include <epan/nlpid.h>
#include <epan/tap.h>
#include <epan/emem.h>
+#include <epan/nstime.h>
static int ip_tap = -1;
@@ -1931,12 +1932,12 @@
case ICMP_TSTAMP:
case ICMP_TSTAMPREPLY:
- proto_tree_add_text(icmp_tree, tvb, 8, 4, "Originate timestamp: %u",
- tvb_get_ntohl(tvb, 8));
- proto_tree_add_text(icmp_tree, tvb, 12, 4, "Receive timestamp: %u",
- tvb_get_ntohl(tvb, 12));
- proto_tree_add_text(icmp_tree, tvb, 16, 4, "Transmit timestamp: %u",
- tvb_get_ntohl(tvb, 16));
+ proto_tree_add_text(icmp_tree, tvb, 8, 4, "Originate timestamp: %s after midnight UTC",
+ time_msecs_to_str(tvb_get_ntohl(tvb, 8)));
+ proto_tree_add_text(icmp_tree, tvb, 12, 4, "Receive timestamp: %s after midnight UTC",
+ time_msecs_to_str(tvb_get_ntohl(tvb, 12)));
+ proto_tree_add_text(icmp_tree, tvb, 16, 4, "Transmit timestamp: %s after midnight UTC",
+ time_msecs_to_str(tvb_get_ntohl(tvb, 16)));
break;
case ICMP_MASKREQ:
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
