On Fri, Apr 19, 2024 at 10:33 AM Jeff Klingler <jkling...@gmail.com> wrote:

> Hi,
>
> I am building a log viewer where if a user clicks on a log event it can
> show the related PCAP related to that timeframe. Is there an API where I
> can send a time and date to a Wireshark API and have the viewer jump to the
> nearest time period?
>

The short answer is not one quick API call in the way that you'd like,
largely because it's not guaranteed that the frames in capture files are in
chronological order, which rules out algorithms that would make a search
take faster than linear time but also because no one has implemented it.

A slightly longer answer is that there are ways. You can call
cap_file_provider_get_frame_ts() from cfile.h searching through the frames
and compare those times to your desired time. If you can assume that the
file is in strict time order, you can make that faster with binary search
or similar. (It might be helpful to have a flag in the capture_file struct
similar to what capinfos stores for strict time order.) Once you get the
frame number, there are API calls to go to a particular frame number.

John Thacker
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to