tcpdump mailing list archives
Re: Tcpdump time discrepancy (vs ethereal/tcptrace)
From: Guy Harris <guy () alum mit edu>
Date: Fri, 23 Jul 2004 01:48:04 -0700
On Thu, Jul 22, 2004 at 09:21:36PM -0400, Michael Richardson wrote:
"Guy" == Guy Harris <guy () alum mit edu> writes:Guy> If that's still valid, we should probably have it set Guy> "thiszone" to "gmt2local(time stamp of first packet)" after Guy> reading, but before processing, the first packet, so the offset Guy> from UTC is appropriate to the time of the first packet, not to Guy> the time when tcpdump called "time()" in "gmt2local()". I think your analysis is right.
I.e., we should still use "thiszone" rather than using "localtime()", but we should also set "thiszone" to the time zone for the first packet? - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Tcpdump time discrepancy (vs ethereal/tcptrace) Aaron Mitchell (Jul 22)
- Re: Tcpdump time discrepancy (vs ethereal/tcptrace) Guy Harris (Jul 22)
- Re: Tcpdump time discrepancy (vs ethereal/tcptrace) Michael Richardson (Jul 22)
- Re: Tcpdump time discrepancy (vs ethereal/tcptrace) Guy Harris (Jul 23)
- Re: Tcpdump time discrepancy (vs ethereal/tcptrace) Michael Richardson (Jul 22)
- Re: Tcpdump time discrepancy (vs ethereal/tcptrace) Guy Harris (Jul 22)