Extracting timestamp in lua

asked 2022-06-19 20:09:48 +0000

I am trying to extract the timestamp so I figure the following fields:

abs_time, utc_time, cls_time, rel_time

contain the timestamp I need. Unfortunately, I got errors. According to Wireshark's official website:

One can extract those fields from the "pinfo" variable.

local function init_listener()
    local tap = Listener.new("ip", filter_packets)
    -- the field name is missing from the post; "ip.id" is assumed from the variable name
    local ipid = Field.new("ip.id")
    function tap.reset()
        packets = 0
    end
    function tap.packet(pinfo, tvb, ip)
        -- as requested, double check with the previous code results.

        -- tried this, didn't work..
        local val1 = pinfo.abs_time

        -- also want to extract those in the same manner ..
        local val2 = pinfo.utc_time
        local val3 = pinfo.cls_time
        local val4 = pinfo.rel_time
        -- omitted
    end
    function tap.draw()
        print("Applying filter: " .. "\"" .. filter_packets .. "\"", packets)
    end
end

So I have two questions:

  1. Is it true that those fields hold the timestamp of a packet header?
  2. How do I extract those fields in a Lua script?

1 Answer

answered 2022-06-20 14:14:55 +0000

The Pinfo names are abs_ts, rel_ts, delta_ts and delta_dis_ts.

  print ("When the packet was captured.", pinfo.abs_ts)
  print ("Number of seconds passed since beginning of capture.", pinfo.rel_ts)
  print ("Number of seconds passed since the last captured packet.", pinfo.delta_ts)
  print ("Number of seconds passed since the last displayed packet.", pinfo.delta_dis_ts)

(Leaving this original part of the answer for future reference about reading columns)
You would need to adjust the syntax to read from the columns (see Example), but even then it only seems to work with text columns like protocol and info.

Can you get what you need from the frame protocol fields such as frame.time or frame.time_epoch?

pinfo.cols.abs_time: this one just returns a string called "abs_time", which isn't helping... I don't know if frame.time or frame.time_epoch are the fields that I am looking for (is it the timestamp?)

linuxbegginer ( 2022-06-20 15:11:12 +0000 )

The columns return the column name when there is nothing available to return.
Try the pinfo "field" pinfo.abs_ts.

Chuckc ( 2022-06-20 15:21:37 +0000 )

Thanks Chuckc :)

linuxbegginer ( 2022-06-20 15:43:35 +0000 )
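
An added example (not code from this thread or from the Wireshark project) that uses the answer's pinfo.abs_ts, rel_ts and delta_ts in a tap listener to print a UTC packet timeline and the largest inter-packet gap, and reads frame.time_epoch through a field extractor for comparison. The script name ts_tap.lua, the capture name capture.pcap and the helper iso_utc are assumptions.

```lua
-- Run with:  tshark -r capture.pcap -q -X lua_script:ts_tap.lua
-- (capture.pcap and ts_tap.lua are placeholder names)

-- Field extractors must be created at load time, not inside a callback.
local f_epoch = Field.new("frame.time_epoch")

-- Format epoch seconds (a float, as pinfo.abs_ts returns) as ISO 8601 UTC.
local function iso_utc(ts)
    local secs = math.floor(ts)
    local usecs = math.floor((ts - secs) * 1e6 + 0.5)
    if usecs >= 1000000 then secs, usecs = secs + 1, 0 end
    return os.date("!%Y-%m-%dT%H:%M:%S", secs) .. string.format(".%06dZ", usecs)
end

local tap = Listener.new("frame")   -- no filter: the tap sees every frame
local count, first_ts, last_ts, max_gap, max_gap_frame

function tap.reset()
    count, first_ts, last_ts = 0, nil, nil
    max_gap, max_gap_frame = 0, nil
end
tap.reset()

function tap.packet(pinfo, tvb)
    count = count + 1
    first_ts = first_ts or pinfo.abs_ts
    last_ts = pinfo.abs_ts
    -- delta_ts is the time since the previous captured packet.
    if count > 1 and pinfo.delta_ts > max_gap then
        max_gap, max_gap_frame = pinfo.delta_ts, pinfo.number
    end
    -- The same instant read from the frame protocol field; the value is an NSTime.
    local t = f_epoch().value
    print(string.format("%d\t%s\trel=%.6f\tdelta=%.6f\tframe.time_epoch=%d.%09d",
        pinfo.number, iso_utc(pinfo.abs_ts), pinfo.rel_ts, pinfo.delta_ts,
        t.secs, t.nsecs))
end

function tap.draw()
    if count == 0 then print("no packets") return end
    print(string.format("%d packets, %s to %s",
        count, iso_utc(first_ts), iso_utc(last_ts)))
    if max_gap_frame then
        print(string.format("largest gap: %.6f s before frame %d",
            max_gap, max_gap_frame))
    end
end
```

Printing the UTC form of abs_ts next to frame.time_epoch makes it easy to confirm both come from the same capture timestamp before the values are correlated with host or server logs.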
