search

mbehr1 / vsc-webshark

Visual Studio Code extension to open pcap / network capture files using wireshark/sharkd.
GNU General Public License v2.0
26 stars 9 forks source link

Time format options #43

Open LiveFreeAndRoam opened 1 month ago

LiveFreeAndRoam commented 1 month ago

Firstly, thank you for this extension!

Can I configure the "Time" column to display "Time-of-Day", instead of "Elapsed-Time"? This would allow me to match it up with other events occuring on the system.

By way of comparison, Wireshark supports a lot of time-display-format options:

image

Currently, I see vsc-webhark shows the "Time" column displayed as elapsed-time from "first-packet" or elapsed-time from a "reference-packet".

mbehr1 commented 1 month ago

I’ll have a look!Am 07.08.2024 um 09:32 schrieb Matt Muggeridge @.***>: Firstly, thank you for this extension! Can I configure the "Time" column to display "Time-of-Day", instead of "Elapsed-Time"? This would allow me to match it up with other events occuring on the system. By way of comparison, Wireshark supports a lot of time-display-format options: image.png (view on web) Currently, I see vsc-webhark shows the "Time" column displayed as elapsed-time from "first-packet" or elapsed-time from a "reference-packet".

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: @.***>

mbehr1 commented 4 days ago

Hello @LiveFreeAndRoam! Changing the columns/time-format is already supported. E.g. you can use the following settings: ("Time" changed from "%t" to "%Yt" and added column width for "%Yt")

"vsc-webshark.columns": [
        {
            "No.": "%m"
        },
        {
            "Time": "%Yt"
        },
        {
            "Source": "%s"
        },
        {
            "Destination": "%d"
        },
        {
            "Protocol": "%p"
        },
        {
            "Length": "%L"
        },
        {
            "Info": "%i"
        }
    ],
    "vsc-webshark.columnsWidths": {
        "%m": 100,
        "%t": 119,
        "%Yt": 200,
        "%s": 262,
        "%d": 262,
        "%p": 95,
        "%L": 82
    },

See e.g. here for the possible values for columns: https://wiki.wireshark.org/sharkd-Info-Request-Output-Example

Does this help?

mbehr1 commented 4 days ago

Time of day should most likely be: %At

"name": "Absolute time",
"format": "%At"
LiveFreeAndRoam commented 4 days ago

I think that would work and was eager to try it out, but now I cannot get vsc-webshark to display anything. I checked my settings, and they seem ok.

Should I open a spearate issue? This is the error I get:

2024-09-09 00:29:12.877 [error] TypeError: Cannot read properties of undefined (reading 'num')
    at Object.cb (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.1.0/out/websharkView.js:516:107)
    at WebsharkView._sharkd2._onDataFunction (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.1.0/out/websharkView.js:468:28)
    at Socket.<anonymous> (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.1.0/out/websharkView.js:136:26)
    at Socket.emit (node:events:519:28)
    at addChunk (node:internal/streams/readable:559:12)
    at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)
    at Readable.push (node:internal/streams/readable:390:5)
    at Pipe.onStreamRead (node:internal/stream_base_commons:191:23)
mbehr1 commented 4 days ago

which wireshark version? if >4.0 you do need to update to extension version 2.1.1.

Windows/mac/linux?

LiveFreeAndRoam commented 4 days ago

I had to upgrade Wireshark to use vsc-webshark. This is what I have:

$ wireshark --version
Wireshark 4.2.6 (Git commit fca52ffc018f).

I then saw that vsc-webshark wanted to upgrade to 2.2.0. I did that and reloaded the window, but get the same error with 2.2.0.

2024-09-09 02:31:16.119 [error] TypeError: Cannot read properties of undefined (reading 'num')
    at Object.cb (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.2.0/out/websharkView.js:517:107)
    at WebsharkView._sharkd2._onDataFunction (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.2.0/out/websharkView.js:469:28)
    at Socket.<anonymous> (/home/tester/.vscode-server/extensions/mbehr1.vsc-webshark-2.2.0/out/websharkView.js:137:26)
    at Socket.emit (node:events:519:28)
    at addChunk (node:internal/streams/readable:559:12)
    at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)
    at Readable.push (node:internal/streams/readable:390:5)
    at Pipe.onStreamRead (node:internal/stream_base_commons:191:23)
LiveFreeAndRoam commented 4 days ago

Oh, this is a Linux server. I'm using remote-SSH from my Windows machine.

LiveFreeAndRoam commented 4 days ago

Hold on, I may have found the problem...

LiveFreeAndRoam commented 4 days ago

Nope, sorry. That was a false alarm. I thought I had the wrong "Full Path" configured, but it was fine.

mbehr1 commented 19 hours ago

@LiveFreeAndRoam could you do a quick retest with new 2.2.1? (not supposed to fix it but adds slightly better logging)