This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark dissector timestamp feild

0

I'm writing a wireshark dissector for a log dump. I have a 8 byte time stamp field in the PDU. Is it possible to display this time stamp value in the time column in wireshark. Also, this packet is not encapsulated by any other protocol.

Thanks in Advance!

asked 24 Jun '11, 12:18

tut087's gravatar image

tut087
1443
accept rate: 0%

One Answer:

0

You can create a custom column that contains your timestamp field (and optionally hide the Time column if it's confusing to show both columns):

  1. Go to Edit > Preferences > User Interface > Columns
  2. Click Add
  3. A new column is added to the column list. Rename it (e.g., to "Timestamp").
  4. For Field type, pick Custom
  5. For Field name, enter the name of your timestamp field (defined at field registration).
  6. OPTIONAL: To hide the Time column, select it from the list and click Remove (you can add it back later).
  7. Click OK

answered 24 Jun '11, 17:15

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%

edited 24 Jun '11, 17:16

Thanks. What function could I use to populate this new coloumn?

(27 Jun '11, 07:47) tut087

If using the steps above, you don't need to use a function. Wireshark fills in the column for you automatically: each packet is evaluated for your timestamp field and its value is put in the Timestamp column.

(27 Jun '11, 10:57) helloworld