nDPI icon indicating copy to clipboard operation
nDPI copied to clipboard

Published 20 hours ago verified publisher icon ntop

Timestamps in nanoseconds in json

Open MiroslavovichVlad opened this issue 1 year ago • 1 comments

Hello.

I'm using compiled after "git clone" nDPI 4.9 on Linux and on Windows. I would like to have timestamps (first_seen, last_seen) in nanoseconds like in Wireshark after saving in json (6 decimal places, not three as now). I found a few places in the source code but the full changes happened in other places, not in json. In json's timestamps were added only three zeros.

Could you please tell me where I need to change to get what I want? English and C are not my languages, sorry if someting wrong. Thank you.

MiroslavovichVlad avatar Dec 14 '23 11:12 MiroslavovichVlad

At very least you need:

  • to use pcap_open_offline_with_tstamp_precision()
  • treat the struct timeval in the pcap_pkthdr structure as being seconds and nanoseconds rather than seconds and microseconds

With some luck, you might only need to change the application code and not the library itself (with the exception of the serialization code, likely)

IvanNardi avatar Jan 02 '24 14:01 IvanNardi