authorGuy Harris <guy@alum.mit.edu>1999-03-01 22:59:47 +0000
committerGuy Harris <guy@alum.mit.edu>1999-03-01 22:59:47 +0000
commite2b7e1aba956bda171fc111e66db7a84712b9ea2 (patch)
treeacb758504ab9fa21156edbde622ef0277a423aa6
parent70451c547a09396841fbdc9c9acb4ac75aa2d88d (diff)
It turns out that the first of the unknown fields in the NetXRay header
appears to be the UNIX "time_t" when the capture started, so use that to figure out the time when a packet was captured. svn path=/trunk/; revision=204
-rw-r--r--wiretap/README9
-rw-r--r--wiretap/netxray.c22
-rw-r--r--wiretap/wtap.h5
3 files changed, 18 insertions, 18 deletions
diff --git a/wiretap/README b/wiretap/README
index e98c760e1b..db4972b39c 100644
--- a/wiretap/README
+++ b/wiretap/README
@@ -1,4 +1,4 @@
-$Id: README,v 1.12 1999/03/01 20:35:33 guy Exp $
+$Id: README,v 1.13 1999/03/01 22:59:47 guy Exp $
Wiretap is a library that is being developed as a future replacement for
libpcap, the current standard Unix library for packet capturing. Libpcap is
@@ -106,10 +106,9 @@ if possible).
Sniffer Basic (NetXRay)/Windows Sniffer Pro
-------------------------------------------
Network Associates' Sniffer Basic (formerly NetXRay from Cinco Networks)
-file format is now partially supported; only Ethernet and Token Ring
-captures can be read, and the packet time stamp isn't correctly
-computed. Network Associates' Windows Sniffer Pro appears to use a
-variant of that format; it's supported to the same extent.
+file format is now supported, at least for Ethernet and token-ring.
+Network Associates' Windows Sniffer Pro appears to use a variant of that
+format; it's supported to the same extent.
Gilbert Ramirez <gram@verdict.uthscsa.edu>
Guy Harris <guy@netapp.com>
diff --git a/wiretap/netxray.c b/wiretap/netxray.c
index 741a80b00b..ad27000c97 100644
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@@ -1,6 +1,6 @@
/* netxray.c
*
- * $Id: netxray.c,v 1.2 1999/03/01 18:57:06 gram Exp $
+ * $Id: netxray.c,v 1.3 1999/03/01 22:59:47 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -38,14 +38,15 @@ static const char netxray_magic[] = { /* magic header */
/* NetXRay file header (minus magic number). */
struct netxray_hdr {
char version[8]; /* version number */
- guint32 xxx[3]; /* unknown */
+ guint32 start_time; /* UNIX time when capture started */
+ guint32 xxx[2]; /* unknown */
guint32 start_offset; /* offset of first packet in capture */
guint32 end_offset; /* offset after last packet in capture */
guint32 xxy[3]; /* unknown */
guint16 network; /* datalink type */
guint8 xxz[6];
- guint32 timelo; /* lower 32 bits of time stamp */
- guint32 timehi; /* upper 32 bits of time stamp */
+ guint32 timelo; /* lower 32 bits of time stamp of capture start */
+ guint32 timehi; /* upper 32 bits of time stamp of capture start */
/*
* XXX - other stuff.
*/
@@ -124,11 +125,12 @@ int netxray_open(wtap *wth)
wth->subtype_read = netxray_read;
wth->file_encap = netxray_encap[hdr.network];
wth->snapshot_length = 16384; /* XXX - not available in header */
+ wth->capture.netxray->start_time = pletohl(&hdr.start_time);
wth->capture.netxray->timeunit = timeunit;
t = (double)pletohl(&hdr.timelo)
+ (double)pletohl(&hdr.timehi)*4294967296.0;
t = t/timeunit;
- wth->capture.netxray->starttime = t;
+ wth->capture.netxray->start_timestamp = t;
/*wth->frame_number = 0;*/
/*wth->file_byte_offset = 0x10b;*/
@@ -197,15 +199,13 @@ reread:
return -1;
}
- /* XXX - this isn't the actual date/time the packet was captured,
- * but at least it gives you the right relative time stamps. */
t = (double)pletohl(&hdr.timelo)
+ (double)pletohl(&hdr.timehi)*4294967296.0;
t /= wth->capture.netxray->timeunit;
- t -= wth->capture.netxray->starttime;
- wth->phdr.ts.tv_sec = (long)t;
- wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(wth->phdr.ts.tv_sec))
- *1.0e6);
+ t -= wth->capture.netxray->start_timestamp;
+ wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
+ wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t))
+ *1.0e6);
wth->phdr.caplen = packet_size;
wth->phdr.len = pletohs(&hdr.orig_len);
wth->phdr.pkt_encap = wth->file_encap;
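Review bot: The new `tv_sec` and `tv_usec` assignments cast `t` to `long` and `unsigned long` with no range check, although `t` is computed entirely from time stamp fields read out of the capture file. If a record's time stamp is lower than the stored `start_timestamp` (a truncated, corrupt or hand-edited file), `t` is negative, and for values of -1 or less `(unsigned long)(t)` is an out-of-range floating-to-integer conversion, which is undefined behaviour in C; a very large `t` does the same to `(long)t`. The whole seconds and the fraction are also now derived from two different casts, so they can disagree with each other. Clamping and truncating once would avoid both problems, e.g. `if (t < 0.0) t = 0.0;` and then `secs = (long)t;` used for both fields, together with an upper bound on `t`. The enclosing function starts and ends outside this hunk, so how it reports a bad record is not visible here.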
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 26efe06fa2..7013f5abd1 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
/* wtap.h
*
- * $Id: wtap.h,v 1.14 1999/03/01 18:57:07 gram Exp $
+ * $Id: wtap.h,v 1.15 1999/03/01 22:59:47 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -92,8 +92,9 @@ typedef struct {
} netmon_t;
typedef struct {
+ time_t start_time;
double timeunit;
- double starttime;
+ double start_timestamp;
int wrapped;
int end_offset;
} netxray_t;
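Review bot: `start_time` and `start_timestamp` in `netxray_t` are named almost identically, hold different things, and neither has a comment. Going by the netxray.c part of this commit, the first is the 32-bit capture start time taken from the file header and the second is the header's 64-bit time stamp divided by `timeunit` (presumably seconds, since it is added to `tv_sec`). I would add `/* UNIX time the capture started, as read from the file header (not validated) */` on `start_time` and `/* header time stamp of capture start, divided by timeunit */` on `start_timestamp`, so a later reader does not mix up the wall-clock base with the relative tick base.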