need help to write a small dissector
Moin!
I have some problems understanding the Lua scripting language. I hope someone would like to support me... :-)
My first problem is to dissect a 16-byte timestamp. The timestamp is described as follows:
"For timestamp the length in hexadecimal is 16 as mentioned. Converting the hexadecimal to binary we get 128 bits." The timestamp is an Epoch from 01/01/1904 00:00:00.00 UTC. The MSB 64 bits is the 2's complement integer of seconds from Epoch. The LSB 64 is direct decimal N to calc decimal seconds. N*2^(-64).
Right now I am stuck decoding the first 8 bytes (seconds from 1.1.1904).
atime= ProtoField.absolute_time ("sitipe.atime", "test atime " ,base.LOCAL),
timeFloat= ProtoField.double("sitipe.timeFloat", "test float " ),
subtree:add_le(sitipe_fields.timeFloat, buffer(6,8), time_stamp)
How to convert the seconds from the timestamp + TimeForm(1.1.1904) to a DateString?
Is there a RFC or spec document you can share a link to?
Not really, but I know the meaning of each byte in the payload.
The timestamp is contained in 2 x 8 bytes and was built in 2 steps:
Step 1: MSB - integer time in seconds since 1.1.1904 [0x 00 00 00 00 E1 F6 93 30] = 3.791.033.136 seconds
Step 2: LSB - integer time in micro seconds = description follows
The timestamp format seems similar to LabVIEW Timestamp Overview.
Format timestamp in Python: How do I convert a LabVIEW decimal date into a string datetime format using Python?
Their example done in Wireshark Lua Console (WSDG - 11.1. Utility Functions):
Hi Chuckc,
Yes, indeed it is a LabVIEW timestamp. My problem isn't to understand how to decode a LabVIEW timestamp. My problem is to understand how to convert / typecast the 2 x 8 bytes in my Lua dissector.
Maybe we should solve it step by step....
This works...
This converts the seconds into days [double]
How to add the days to my tree?
Lua Error: C:\Program Files\Wireshark\plugins\4.2\epan\SITIPE_MS.lua:58: No such 'double' method/field for object type 'UInt64'
11.13.2. UInt64
https://www.lua.org/pil/2.3.html
Console output:
Tree data:
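
One way to decode the 16-byte timestamp discussed in this thread inside a Wireshark Lua dissector, as an added example that is not part of any post above. The protocol and field names, the helper `add_timestamp` and the big-endian byte order are assumptions; offset 6 comes from `buffer(6,8)` in the question.

```lua
-- Added example. Assumed names: sitipe_ts, f_atime, f_frac, add_timestamp.
local sitipe = Proto("sitipe_ts", "SITIPE timestamp example")
local f_atime = ProtoField.absolute_time("sitipe_ts.atime", "Timestamp", base.UTC)
local f_frac  = ProtoField.double("sitipe_ts.frac", "Fractional seconds")
sitipe.fields = { f_atime, f_frac }

-- Seconds from 1904-01-01 to 1970-01-01: 66 years, 17 of them leap years.
local EPOCH_1904_TO_1970 = 2082844800

local function add_timestamp(tree, tvb, offset)
    -- Never read past the captured data (truncated or malformed packet).
    if tvb:len() < offset + 16 then return nil end
    local secs_range = tvb(offset, 8)
    local frac_range = tvb(offset + 8, 8)

    -- int64() yields an Int64 userdata, not a Lua number; tonumber()
    -- converts it (exact below 2^53). Big-endian is assumed from the byte
    -- listing in the thread; use le_int64()/le_uint64() for little-endian.
    local secs_1904 = secs_range:int64():tonumber()

    -- Fraction = N * 2^-64, built from the two 32-bit halves of N.
    local n = frac_range:uint64()
    local frac = n:higher() / 2^32 + n:lower() / 2^64

    -- Clamp: an all-ones fraction rounds to 1.0 in a double.
    local nsecs = math.min(math.floor(frac * 1e9), 999999999)
    local unix_secs = secs_1904 - EPOCH_1904_TO_1970

    tree:add(f_atime, tvb(offset, 16), NSTime.new(unix_secs, nsecs))
    tree:add(f_frac, frac_range, frac)
    return unix_secs
end

function sitipe.dissector(tvb, pinfo, tree)
    local subtree = tree:add(sitipe, tvb(), "SITIPE timestamp example")
    -- Offset 6 matches buffer(6,8) in the question.
    add_timestamp(subtree, tvb, 6)
end
-- Registration on a port or heuristic is omitted: the thread does not
-- state the transport.
```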