 | 1 | initial version |
The timestamp in the frame protocol is always a value written in the capture file for that frame that reflects the clock on the machine that made the capture. If you want a timestamp based on the packet payload, which would by contrast reflect the sender of the packet (possibly but not necessarily the capturing device), then you have to add a new field. Several dissectors, including the udp dissector, display times that compare a packet to a previous packet in the same stream, or requests and responses. You can look at those for ideas.
