Re: output timestamps in HEX format

[Guy Harris <guy () alum mit edu>]

On Mar 3, 2009, at 3:33 AM, NADEZHDA PLOTNIKOVA wrote:

> I am using the following string
> WinDump.exe -tt -nnr file.pcap
> but the time stamps I am getting in the output text file are in  
> decimal format.

Yes.  "Unformatted" does not necessarily mean "hexadecimal".

> Does anyone know how to make it in hex format?

Change the source code to tcpdump/WinDump and recompile, or write a  
filter program/script to convert time stamps to hex and pipe the  
output of tcpdump/WinDump to it.

(BTW, on Windows, I think just typing "WinDump", without the ".exe",  
is sufficient; the Windows command interpreter, or the Windows  
CreateProcess() API, will look for a file with one of the correct  
suffixes.)

> is it possible at all?

Not without changing tcpdump's/windump's source code, or post- 
processing its output, in the form discussed.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.