Re: timezone question

["Gisle Vanem" <giva () bgnett no>]

"alex medvedev" <alexm () pycckue org> said:

> suppose i create a tcpdump at 9 am in moscow, russia (+3hrs east from
> GMT);
> then i read it on a machine in dallas, tx (-6hrs west from GMT).
>
> what time stamps should i see on packets?
> 9am or 6pm?

Normally if you don't use any time-options in tcpdump, you'll 
see 9am. Since AFAIK libpcap stores the timestamp unchanged 
in whatever timezone the OS passes the frame to libpcap.

If you use the '-tttt' option, tcpdump will treat the timestamps
in capture file as UTC (your $TZ) and print them as such:

reading from file f:\WATTCP.DBG, link-type EN10MB (Ethernet)
2003-12-18 15:44:40.014914 arp who-has 10.0.0.1 tell 10.0.0.7
2003-12-18 15:44:40.108415 arp reply 10.0.0.1 is-at 00:00:c5:92:36:c4
2003-12-18 15:44:40.108839 IP 10.0.0.7 > 10.0.0.1: icmp 12: echo request seq 0
2003-12-18 15:44:40.230878 IP 10.0.0.1 > 10.0.0.7: icmp 12: echo reply seq 0

The above snippet was created yesterday at 16:44 GMT and read today.

--gv

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe