Wireshark · Wireshark-dev: Re: [Wireshark-dev] PCAP

Wireshark-dev: Re: [Wireshark-dev] PCAP

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Mon, 09 Jun 2008 21:09:19 +0200

Hi,

You might as well use the pinfo struct for that.

Thanx,
Jaap

Nicholas Marra wrote:

Hello,
I’m adding a feature to a dissector I created that compares the SystemPCAP timestamp with the Dissected Message Timestamp. The goal is tocompare the two timestamps and see if they are off by a certain amountof time. I located the PCAP Timestamp within the dissect_frame functionin the packet-frame.c file. This is located in thewireshark/epan/dissectors directory. The Message Timestamp is located inwireshark/plugins/dar. I included the appropriate header files in boththe packet-frame.c and my plugin c file. I set a variable in both cfiles to store the value of the times. However, I have been unable toget the variables to be set at the right time. I need the PCAP Timestampvalue to be passed to my plugin c file for use in my comparison. Doesanyone have any suggestions on how I may do this?

References:
- [Wireshark-dev] PCAP
  - From: Nicholas Marra

Prev by Date: Re: [Wireshark-dev] My dissector and the flow graph
Next by Date: Re: [Wireshark-dev] My dissector and the flow graph
Previous by thread: [Wireshark-dev] PCAP
Next by thread: Re: [Wireshark-dev] PCAP
Index(es):
- Date
- Thread