tcpdump mailing list archives
tcpdump -tttt option and timezone
From: Raphael Raimbault <raphael.raimbault () netasq com>
Date: Mon, 14 Jun 2004 10:38:06 +0200
# tcpdump -n -tttt 06/13/2004 13:31:35.758527 192.168.2.1 > 192.168.2.254: icmp: echo request 06/13/2004 13:31:35.758684 192.168.2.254 > 192.168.2.1: icmp: echo reply without time option, I have: # tcpdump -n 15:31:30.808613 192.168.2.1 > 192.168.2.254: icmp: echo request 15:31:30.808769 192.168.2.254 > 192.168.2.1: icmp: echo reply The reason is quite simple (based on 3.8.3 source code) in tcpdump.c: [snip] int tflag = 1; /* print packet arrival time */ [snip] int main(int argc, char **argv) [snip] case 't': --tflag; break; [snip] [snip] if (tflag > 0) thiszone = gmt2local(0); [snip] if -tttt option is enabled gmt2local isn't called and global variable thiszone is alway equals to 0 which make ts_print function in utils.c "fails". There is a patch for 3.8.3 version: --- tcpdump.c.orig Sun Jun 13 15:50:49 2004 +++ tcpdump.c Sun Jun 13 16:05:34 2004 @@ -615,7 +615,7 @@ /* NOTREACHED */ } - if (tflag > 0) + if ((tflag > 0) || (tflag == -3)) thiszone = gmt2local(0); if (RFileName != NULL) { PS: another solution is to remove the "if (tflag > 0)" test. This bug was discovered on FreeBSD 5.2.1 (tcpdump 3.7.2 + multidlt) with but apply to all others platforms and also on tcpdump-current. -- --------------------------------------- Raphael Raimbault - R&D Engineer NETASQ - Secure Internet Connectivity E-mail : raphael.raimbault () netasq com Telephone : +33 (0) 320 619 630 Web : http://www.netasq.com ---------------------------------------
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- tcpdump -tttt option and timezone Raphael Raimbault (Jun 14)
- Re: tcpdump -tttt option and timezone Guy Harris (Jun 14)