It turns out that the first of the unknown fields in the NetXRay header
appears to be the UNIX "time_t" when the capture started, so use that to figure out the time when a packet was captured. svn path=/trunk/; revision=204
parent
70451c547a
commit
e2b7e1aba9
|
@ -1,4 +1,4 @@
|
|||
$Id: README,v 1.12 1999/03/01 20:35:33 guy Exp $
|
||||
$Id: README,v 1.13 1999/03/01 22:59:47 guy Exp $
|
||||
|
||||
Wiretap is a library that is being developed as a future replacement for
|
||||
libpcap, the current standard Unix library for packet capturing. Libpcap is
|
||||
|
@ -106,10 +106,9 @@ if possible).
|
|||
Sniffer Basic (NetXRay)/Windows Sniffer Pro
|
||||
-------------------------------------------
|
||||
Network Associates' Sniffer Basic (formerly NetXRay from Cinco Networks)
|
||||
file format is now partially supported; only Ethernet and Token Ring
|
||||
captures can be read, and the packet time stamp isn't correctly
|
||||
computed. Network Associates' Windows Sniffer Pro appears to use a
|
||||
variant of that format; it's supported to the same extent.
|
||||
file format is now supported, at least for Ethernet and token-ring.
|
||||
Network Associates' Windows Sniffer Pro appears to use a variant of that
|
||||
format; it's supported to the same extent.
|
||||
|
||||
Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
Guy Harris <guy@netapp.com>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* netxray.c
|
||||
*
|
||||
* $Id: netxray.c,v 1.2 1999/03/01 18:57:06 gram Exp $
|
||||
* $Id: netxray.c,v 1.3 1999/03/01 22:59:47 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
|
@ -38,14 +38,15 @@ static const char netxray_magic[] = { /* magic header */
|
|||
/* NetXRay file header (minus magic number). */
|
||||
struct netxray_hdr {
|
||||
char version[8]; /* version number */
|
||||
guint32 xxx[3]; /* unknown */
|
||||
guint32 start_time; /* UNIX time when capture started */
|
||||
guint32 xxx[2]; /* unknown */
|
||||
guint32 start_offset; /* offset of first packet in capture */
|
||||
guint32 end_offset; /* offset after last packet in capture */
|
||||
guint32 xxy[3]; /* unknown */
|
||||
guint16 network; /* datalink type */
|
||||
guint8 xxz[6];
|
||||
guint32 timelo; /* lower 32 bits of time stamp */
|
||||
guint32 timehi; /* upper 32 bits of time stamp */
|
||||
guint32 timelo; /* lower 32 bits of time stamp of capture start */
|
||||
guint32 timehi; /* upper 32 bits of time stamp of capture start */
|
||||
/*
|
||||
* XXX - other stuff.
|
||||
*/
|
||||
|
@ -124,11 +125,12 @@ int netxray_open(wtap *wth)
|
|||
wth->subtype_read = netxray_read;
|
||||
wth->file_encap = netxray_encap[hdr.network];
|
||||
wth->snapshot_length = 16384; /* XXX - not available in header */
|
||||
wth->capture.netxray->start_time = pletohl(&hdr.start_time);
|
||||
wth->capture.netxray->timeunit = timeunit;
|
||||
t = (double)pletohl(&hdr.timelo)
|
||||
+ (double)pletohl(&hdr.timehi)*4294967296.0;
|
||||
t = t/timeunit;
|
||||
wth->capture.netxray->starttime = t;
|
||||
wth->capture.netxray->start_timestamp = t;
|
||||
/*wth->frame_number = 0;*/
|
||||
/*wth->file_byte_offset = 0x10b;*/
|
||||
|
||||
|
@ -197,15 +199,13 @@ reread:
|
|||
return -1;
|
||||
}
|
||||
|
||||
/* XXX - this isn't the actual date/time the packet was captured,
|
||||
* but at least it gives you the right relative time stamps. */
|
||||
t = (double)pletohl(&hdr.timelo)
|
||||
+ (double)pletohl(&hdr.timehi)*4294967296.0;
|
||||
t /= wth->capture.netxray->timeunit;
|
||||
t -= wth->capture.netxray->starttime;
|
||||
wth->phdr.ts.tv_sec = (long)t;
|
||||
wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(wth->phdr.ts.tv_sec))
|
||||
*1.0e6);
|
||||
t -= wth->capture.netxray->start_timestamp;
|
||||
wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
|
||||
wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t))
|
||||
*1.0e6);
|
||||
wth->phdr.caplen = packet_size;
|
||||
wth->phdr.len = pletohs(&hdr.orig_len);
|
||||
wth->phdr.pkt_encap = wth->file_encap;
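Review bot: The new time-stamp arithmetic in the `reread:` hunk converts `t` to `long` and to `unsigned long` without a range check, although `t` is computed entirely from fields read out of the capture file. If a record's time stamp is lower than the header's `start_timestamp`, or its `timehi` is large, `t` is negative or larger than a `long` can hold, and converting an out-of-range double to an integer type is undefined behaviour in C; the `tv_usec` expression is then meaningless too. A guard ahead of the two assignments, for example `if (t < 0.0 || t >= (double)LONG_MAX - (double)wth->capture.netxray->start_time) return -1;` (needs `<limits.h>`), would reject such records. That `return -1` is the error path is inferred from the context line at the top of the hunk; the function starts outside it, so confirm, and confirm that `timeunit` can never be zero before the division.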
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* wtap.h
|
||||
*
|
||||
* $Id: wtap.h,v 1.14 1999/03/01 18:57:07 gram Exp $
|
||||
* $Id: wtap.h,v 1.15 1999/03/01 22:59:47 guy Exp $
|
||||
*
|
||||
* Wiretap Library
|
||||
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
||||
|
@ -92,8 +92,9 @@ typedef struct {
|
|||
} netmon_t;
|
||||
|
||||
typedef struct {
|
||||
time_t start_time;
|
||||
double timeunit;
|
||||
double starttime;
|
||||
double start_timestamp;
|
||||
int wrapped;
|
||||
int end_offset;
|
||||
} netxray_t;
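Review bot: `start_time` and `start_timestamp` in `netxray_t` differ by one word but hold different quantities, and neither field is commented. Going by netxray.c in the same commit, `start_time` is the UNIX time read from the file header and `start_timestamp` is the header's 64-bit time stamp divided by `timeunit`. I would add `/* UNIX time_t of capture start, from file header */` and `/* header time stamp of capture start, divided by timeunit */` to the two fields so later code does not mix them up. The struct now also depends on `time_t`; whether wtap.h already includes a header that declares it cannot be seen from this hunk.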
|
||||
|
|