Packet Timestamp

[Thiago]

Hello,

I would like to know if it's possible to access at a packet timestamp(defined in the header of the packet) in a PCAP file without modification of the library.

Regards
Thiago

[Esteban Pellegrino]

Is not possible, but I can easily add that feature to the Packet class (if the packet was created from the sniffer or pcap file, I'll set a timestamp on it).

Best,
Esteban

--
You received this message because you are subscribed to the Google Groups "libcrafter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libcrafter+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Thiago]

ok!

I will try to that! if you have some advices i'm interested.

Thanks a lot!

Regards

[Esteban Pellegrino]

Well, my suggestion is to add a new member to the Packet class (a timestamp) and 2 methods Set/Get Timestamp. The value of the timestamp should be 0 by default but you can set it when the packet is created using the Sniffer or ReadPcap. For the Sniffer, you should do it here : https://github.com/pellegre/libcrafter/blob/master/libcrafter/crafter/Utils/Sniffer.cpp#L46 . You should set the pcap timestamp of the sniff_packet created on process_packet function by looking at the pcap_pckthdr structure.

Similar situation on ReadPcap, here : https://github.com/pellegre/libcrafter/blob/master/libcrafter/crafter/Utils/PacketContainer.cpp#L110
 

When you are done you should submit a patch on github so I include your changes on the master branch.

Best,

Esteban

--

[Thiago]

Perfect it's what i have done!

I have to configure github for the commit of the modification! I will do it tomorrow morning if it's not a problem for you!

Thank you!

[Esteban Pellegrino]

Excellent, thank you very much :-)

[Thiago]

I try to push my change but it's said me :

error: The requested URL returned error: 403 while accessing https://github.com/pellegre/libcrafter/info/refs
fatal: HTTP request failed

Can you explain me how to configure my repository?

Thanks

[Esteban Pellegrino]

Oh, because you need to fork libcrafter repo and push the changes in YOUR repo. Then you can send a pull request and I'll merge your changes on the master branch.

--

[Scott Fortner]

Hello gents,
I was wondering if this code was made available yet.  I'm parsing pcap files and I need the timestamp as recorded by wireshark, but I'm not sure how to pull that data for each packet.  Other than the member, getter and setter for the Packet class, where do I actually pull the information from?  I'm using the ReadPcap method in my program.  Can I add it there or do I need to modify more source code?  If there code started for this, I'd like to help finish it.

Thanks,
Scott

[Esteban Pellegrino]

Hi, I added the time stamp information for packets. check this code as an example on how to read / modify the time stamp for a packet : https://github.com/pellegre/libcrafter-examples/blob/master/ReadPcap/main.cpp. it should be working for the Sniffer class as well. let me know if is working for you :-)

For more options, visit https://groups.google.com/d/optout.

--

Esteban Pellegrino | Software Developer
Twitter | Zimperium.com

[Scott Fortner]

That's perfect.  Thanks!