tcpdump mailing list archives
Re: timezone question
From: "Gisle Vanem" <giva () bgnett no>
Date: Fri, 19 Dec 2003 10:02:35 +0100
"alex medvedev" <alexm () pycckue org> said:
suppose i create a tcpdump at 9 am in moscow, russia (+3hrs east from GMT); then i read it on a machine in dallas, tx (-6hrs west from GMT). what time stamps should i see on packets? 9am or 6pm?
Normally if you don't use any time-options in tcpdump, you'll see 9am. Since AFAIK libpcap stores the timestamp unchanged in whatever timezone the OS passes the frame to libpcap. If you use the '-tttt' option, tcpdump will treat the timestamps in capture file as UTC (your $TZ) and print them as such: reading from file f:\WATTCP.DBG, link-type EN10MB (Ethernet) 2003-12-18 15:44:40.014914 arp who-has 10.0.0.1 tell 10.0.0.7 2003-12-18 15:44:40.108415 arp reply 10.0.0.1 is-at 00:00:c5:92:36:c4 2003-12-18 15:44:40.108839 IP 10.0.0.7 > 10.0.0.1: icmp 12: echo request seq 0 2003-12-18 15:44:40.230878 IP 10.0.0.1 > 10.0.0.7: icmp 12: echo reply seq 0 The above snippet was created yesterday at 16:44 GMT and read today. --gv - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- timezone question alex medvedev (Dec 18)
- Re: timezone question Gisle Vanem (Dec 19)
- Re: timezone question Guy Harris (Dec 19)
- Re: timezone question Gisle Vanem (Dec 19)