tcpdump mailing list archives

Re: tcpdump and timestamps


From: Richard Huddleston <huddleston.richard () gmail com>
Date: Tue, 9 Nov 2010 06:53:47 -0500

There are two simple cases to rule out:

1.  The capture was taken using a Napatech or Endace card, which uses its own clock which may or may not be in sync with the host clock.

2.  There's an unexpected local timezone on the machine used to read and display the packet capture.  Is your client in a different timezone?

Sent from my iPhone - please excuse any typos. 

On Nov 9, 2010, at 4:15, Andrej van der Zee <andrejvanderzee () gmail com> wrote:

Hi,

Today I received a tcpdump file from a client with timestamps that did
not correspond to the system clock. If I remember correctly, tcpdump
does not store complete timestamps but only a delta compared to the
first timestamp. I guess tcpdump does not read the system clock every
time, but has its own mechanisms. My question is, how does tcpdump
calculate its timestamps?

Thank you,
Andrej
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
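
Added example (not part of the original thread): a short Python reader for the classic libpcap file format that pulls the per-packet timestamp out of each record header and renders the same stored value under different UTC offsets, which is the second case raised in the reply above. The sample capture is constructed inline, and the function names are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond resolution

def build_sample_pcap(stamps):
    """Constructed sample: one 4-byte dummy packet per (sec, usec) pair."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec in stamps:
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return out

def read_timestamps(data):
    """Return the (sec, usec) pair stored in every record header."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC_USEC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # written on a host of the opposite byte order
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    stamps, offset = [], 24  # records start after the 24-byte global header
    while offset + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        stamps.append((sec, usec))
        offset += 16 + incl_len
    return stamps

def render(sec, usec, utc_offset_hours):
    """Format one stored timestamp as a reader at the given UTC offset sees it."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    when = datetime.fromtimestamp(sec, tz).replace(microsecond=usec)
    return when.strftime("%Y-%m-%d %H:%M:%S.%f %z")

if __name__ == "__main__":
    # Constructed value: 2010-11-09 23:30:00.250000 UTC
    capture = build_sample_pcap([(1289345400, 250000)])
    for sec, usec in read_timestamps(capture):
        for hours in (0, -5, 9):
            print(render(sec, usec, hours))
```

The stored value is seconds and microseconds since the Unix epoch, so the three printed lines describe the same instant; only the display offset differs, and near midnight the calendar date differs too.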

