Re: capturing only timestamp excluding other information

[Guy Harris <guy () alum mit edu>]

On May 8, 2013, at 10:51 PM, achyut baruah <achyutbaruah.mail () gmail com> wrote:

> Sir, I have been using Tcpdump. Extracting timestamp from a pcap file is
> quite easy. Is there any way to capture only the timestamp excluding other
> info using Tcpdump while capturing packet.

No, there isn't.

However, if you capture with as low a snapshot length as possible (try 1 as a value; the OS or libpcap might raise it 
to a larger minimum value), that will minimize the amount of extra data you're capturing.  If you only want the 
timestamp from the pcap file, you can just extract that and ignore the packet data.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers