
Extracting timestamp in lua

asked 2022-06-19 20:09:48 +0000

linuxbegginer

updated 2022-06-19 20:11:38 +0000

I am trying to extract the timestamp, so I figured the following fields:

abs_time, utc_time, cls_time, rel_time

contain the timestamp I need. Unfortunately, I got errors. According to Wireshark's official website:

https://www.wireshark.org/docs/wsdg_h...

One can extract those fields from the "pinfo" variable.

local function init_listener()
     local tap = Listener.new("ip",filter_packets)
     local ipid = Field.new("ip.id")
     function tap.reset()
         packets = 0;
     end
     function tap.packet(pinfo,tvb,ip)    
         -- as requested, double check with the previous code results. 

         -- tried this didn't worked.. 
         local val1 = pinfo.abs_time

         -- also want to extract those in the same manner .. 
         local val2 = pinfo.utc_time
         local val3 = pinfo.cls_time
         local val4 = pinfo.rel_time
         -- omitted
     end
     function tap.draw()
         print("Applying filter: " .. "\"" .. filter_packets .. "\"",packets)
     end
 end

So I have two questions:

  1. Is it true that those fields hold the timestamp of a packet header?
  2. How do I extract those fields in a Lua script?

1 Answer


answered 2022-06-20 14:14:55 +0000

Chuckc

updated 2022-06-20 14:53:42 +0000

The Pinfo names are abs_ts, rel_ts, delta_ts and delta_dis_ts.

  print ("When the packet was captured.", pinfo.abs_ts)
  print ("Number of seconds passed since beginning of capture.", pinfo.rel_ts)
  print ("Number of seconds passed since the last captured packet.", pinfo.delta_ts)
  print ("Number of seconds passed since the last displayed packet.", pinfo.delta_dis_ts)

(Leaving this original part of the answer for future reference about reading columns)
You would need to adjust the syntax to read from the columns (pinfo.cols.info) (See 11.5.3.3. Example) but even then it only seems to work with text columns like protocol and info.

Can you get what you need from the frame protocol fields such as frame.time or frame.time_epoch?


Comments

pinfo.cols.abs_time: this one returns just a string called "abs_time", which isn't helping... I don't know if frame.time or frame.time_epoch are the fields that I am looking for (is it a timestamp?)

linuxbegginer ( 2022-06-20 15:11:12 +0000 )

The columns return the column name when there is nothing available to return.
Try the pinfo "field" pinfo.abs_ts.

Chuckc ( 2022-06-20 15:21:37 +0000 )

Thanks Chuckc :)

linuxbegginer ( 2022-06-20 15:43:35 +0000 )
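
The approach from the answer and comments, put together as a complete tap script. This is an added example, not code posted by anyone in the thread. It reads the Pinfo timestamps and, for comparison, the frame.time_epoch field. The "frame" tap with an "ip" filter, and the file names in the run command, are assumptions.

```lua
-- Added example, not from the original thread. Run with (placeholder names):
--   tshark -q -r capture.pcap -X lua_script:ts_tap.lua

-- Field extractors have to be created before dissection starts.
local f_epoch = Field.new("frame.time_epoch")

local function init_listener()
    local packets = 0
    -- Tap on every frame, restricted to IPv4 by the display filter "ip".
    local tap = Listener.new("frame", "ip")

    function tap.reset()
        packets = 0
    end

    function tap.packet(pinfo, tvb)
        packets = packets + 1

        -- pinfo.abs_ts is a plain number: seconds since the Unix epoch.
        -- A double holds microseconds at this magnitude, not nanoseconds.
        local secs = math.floor(pinfo.abs_ts)
        local usec = math.floor((pinfo.abs_ts - secs) * 1e6 + 0.5)
        if usec == 1000000 then          -- rounding carried into the next second
            secs, usec = secs + 1, 0
        end
        -- The leading "!" makes os.date format in UTC rather than local time.
        local utc = os.date("!%Y-%m-%dT%H:%M:%S", secs)

        -- The same instant from the frame protocol field. Its value is an
        -- NSTime, which keeps full nanosecond precision in secs/nsecs.
        local fi = f_epoch()
        local exact = "n/a"
        if fi then
            exact = string.format("%d.%09d", fi.value.secs, fi.value.nsecs)
        end

        print(string.format("#%d abs=%s.%06dZ rel=%.6f delta=%.6f epoch=%s",
            pinfo.number, utc, usec, pinfo.rel_ts, pinfo.delta_ts, exact))
    end

    function tap.draw()
        print("IPv4 packets seen: " .. packets)
    end
end

init_listener()
```

When building an incident timeline, prefer the NSTime value from frame.time_epoch if sub-microsecond ordering matters, and record timestamps in UTC so they line up with other log sources.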
