Packet Timestamp problem?

lksstb...@gmail.com

Jul 22, 2016, 7:29:28 PM
to libtins

#include <cstdio>
#include <iostream>
#include <tins/tins.h>

using namespace Tins;
using namespace std;

// Called once for every packet read from the capture file
bool callback(const Packet& packet) {
    const PDU* pdu = packet.pdu();

    // Prints only the microseconds field of the packet timestamp
    auto time = packet.timestamp().microseconds();
    cout << time << endl;
    // number should be increasing??
    return true;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "Usage: %s input.pcap\n", argv[0]);
        return -1;
    }
    SnifferConfiguration config;

    config.set_filter("tcp or udp");
    config.set_promisc_mode(false);

    // Read packets from the pcap file given on the command line
    FileSniffer sniffer(argv[1], config);
    sniffer.sniff_loop(callback);
    return 0;
}

Well, I used libtins to parse the pcap file in order to get the packet timestamp, and the result is weird!

I used Wireshark to check the pcap file; the duration is 28s, but libtins shows a wrong timestamp for each packet. It would overflow after the number gets bigger than 999999.... why?

I compiled the library from GitHub, but still got the wrong answer, please

Matias Fontanini

Jul 22, 2016, 7:45:00 PM
to libtins
Timestamp is a simple wrapper over a struct timeval. As such, it contains 2 fields: seconds and microseconds. The seconds one contains the amount of seconds in the timestamp, whereas the microsecond field contains the remainder of microseconds, that is, a value between 0 and 1000000. That is, if the timestamp is 2.3987 seconds, then the timestamp will have 2 in the seconds field and 3987000 in the microseconds one.

If you want to merge them together you can either do it yourself or you can use the operator std::chrono::microseconds:

Timestamp ts = ...;
std::chrono::microseconds us = ts;
// This will print the time in microseconds
std::cout << us.count() << std::endl;

lksstb...@gmail.com

Jul 22, 2016, 8:25:00 PM
to libtins
I changed the code, but got a huge number, 1465799439142269 us?? It is wrong, obviously..

Matias Fontanini wrote on Saturday, July 23, 2016 at 7:45:00 AM UTC+8:

Matias Fontanini

Jul 22, 2016, 9:12:13 PM
to libtins
That is a unix timestamp

lksstb...@gmail.com

Jul 22, 2016, 9:34:29 PM
to libtins
Sorry that I am not familiar with C++,
so how could I get the packet timestamp from this Unix timestamp??? I want a microsecond of each packet end.

Matias Fontanini wrote on Saturday, July 23, 2016 at 9:12:13 AM UTC+8:
That is a unix timestamp
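
Added example (not part of the original thread and not libtins code): merging the seconds and microseconds fields into one 64-bit count and subtracting the first packet's value gives each packet's offset from the start of the capture. `PacketTime`, `to_epoch_us`, `relative_us`, `constructed_capture` and the sample values are assumptions made for illustration; `PacketTime` stands in for the two fields of the libtins `Timestamp`.

```cpp
#include <chrono>
#include <cstdint>
#include <iostream>
#include <vector>

// Hypothetical stand-in for the two fields described in the thread:
// whole seconds plus the sub-second remainder in microseconds.
struct PacketTime {
    std::int64_t seconds;
    std::int64_t microseconds;
};

// Merge both fields into one microsecond count. std::chrono widens the
// arithmetic: 1465799439 s * 1000000 would overflow a 32-bit integer.
std::chrono::microseconds to_epoch_us(const PacketTime& t) {
    return std::chrono::seconds(t.seconds) +
           std::chrono::microseconds(t.microseconds);
}

// Offset of every packet from the first one in the capture. Signed, because
// captures merged from several sources are not always in time order.
std::vector<std::int64_t> relative_us(const std::vector<PacketTime>& pkts) {
    std::vector<std::int64_t> out;
    if (pkts.empty()) return out;
    const auto first = to_epoch_us(pkts.front());
    for (const auto& p : pkts)
        out.push_back((to_epoch_us(p) - first).count());
    return out;
}

// Constructed sample: the microseconds field wraps between packets 2 and 3,
// which is the "overflow" seen when printing that field alone.
std::vector<PacketTime> constructed_capture() {
    return {{1465799439, 142269},
            {1465799439, 999998},
            {1465799440, 5},
            {1465799467, 142269}};
}

int main() {
    for (std::int64_t off : relative_us(constructed_capture()))
        std::cout << off << " us since first packet\n";
    return 0;
}
```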