tcpdump mailing list archives
Re: tcpdump and timestamps
From: Richard Huddleston <huddleston.richard () gmail com>
Date: Tue, 9 Nov 2010 06:53:47 -0500
There are two simple cases to rule out:

1. The capture was taken using a Napatech or Endace card, which uses its own clock which may or may not be in sync with the host clock.
2. There's an unexpected local timezone on the machine used to read and display the packet capture.

Is your client in a different timezone?

Sent from my iPhone - please excuse any typos.

On Nov 9, 2010, at 4:15, Andrej van der Zee <andrejvanderzee () gmail com> wrote:
Hi,

Today I received a tcpdump file from a client with timestamps that did not correspond to the system clock. If I remember correctly, tcpdump does not store complete timestamps but only a delta compared to the first timestamp. I guess tcpdump does not read the system clock every time, but has its own mechanisms. My question is, how does tcpdump calculate its timestamps?

Thank you,
Andrej

- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
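Added example (not part of the original thread and not tcpdump's own code): a classic pcap file stores each packet's timestamp as absolute seconds and sub-seconds since the Unix epoch in UTC, so the same capture renders differently depending on the timezone of the machine reading it, which is the second case listed in the reply. The sample bytes, function names and UTC offsets below are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Classic pcap magic numbers -> sub-second units per second (micro / nano).
PCAP_MAGIC = {0xA1B2C3D4: 10**6, 0xA1B23C4D: 10**9}

def build_sample_pcap():
    """Constructed sample: little-endian microsecond pcap with two 4-byte dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in ((1289303627, 250000), (1289303628, 500000)):
        out += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return out

def read_timestamps(data):
    """Return each record's timestamp as (epoch_seconds, fraction, units_per_second)."""
    magic_le = struct.unpack("<I", data[:4])[0]
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_le in PCAP_MAGIC:
        endian, units = "<", PCAP_MAGIC[magic_le]
    elif magic_be in PCAP_MAGIC:
        endian, units = ">", PCAP_MAGIC[magic_be]
    else:
        raise ValueError("not a classic pcap file")
    stamps, offset = [], 24  # the global header is 24 bytes
    while offset + 16 <= len(data):
        sec, frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            raise ValueError("truncated packet record")
        stamps.append((sec, frac, units))
        offset += 16 + incl_len
    return stamps

def render(stamp, utc_offset_hours):
    """Format one timestamp as a reader at the given fixed UTC offset would see it."""
    sec, frac, units = stamp
    tz = timezone(timedelta(hours=utc_offset_hours))
    usec = frac * 10**6 // units  # normalise nanoseconds to microseconds
    moment = datetime.fromtimestamp(sec, tz).replace(microsecond=usec)
    return moment.strftime("%Y-%m-%d %H:%M:%S.%f")

if __name__ == "__main__":
    for stamp in read_timestamps(build_sample_pcap()):
        print("UTC:", render(stamp, 0), "| UTC-5:", render(stamp, -5),
              "| UTC+9:", render(stamp, 9))
```

The stored value never changes between the three renderings; only the display offset does. A capture card with its own clock, the first case in the reply, would instead change the stored epoch value itself.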