Hi Jon,

The timestamp in your e-mail:

> Date: Mon, 12 Mar 2012 10:24:54 -0400

indicates that you (and me) are in EST (UTC - 4:00), which is exactly the amount of the incorrect offset to the time you are seeing:

> My kernel's timestamp reports my correct time via 'date' (1) but the
> tcpdump program included with PF_RING shows a time much different.
> e.g. at 10 a.m. (correct time), the pf_ring tcpdump reports at
> timestamp of 2:00 p.m. (14:00).

In other words, the PF_RING tcpdump is displaying timestamps in GMT (UTC).

Where did the tcpdump binary you are using come from? Was it provided in binary form with the PF_RING software? Did you compile it from the PF_RING distribution?

What is the value of the TZ environment variable? If you set that variable explicitly (export TZ=America/New_York) do you get different output?

If you use the -w option to write binary tcpdump data to a file (this should always be in UTC) and then print it using tcpdump -r, what timestamps do you see? Are they different depending on the tcpdump binary you use to print them?

If you can answer those questions, the solution to your problem may become apparent to you.

@alex
--
mailto:[email protected]
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
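An added example, not part of the original message and not code from PF_RING or tcpdump: it reads the per-record timestamp from a classic pcap file, which is stored as seconds since the epoch (UTC), and renders it both in UTC and at a fixed -04:00 offset to show where the four-hour difference comes from. The sample capture is constructed in memory, and the -04:00 offset is an assumption taken from the Date header quoted above.

```python
import struct
from datetime import datetime, timedelta, timezone

MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
# Assumption: fixed -04:00 offset, taken from the e-mail's Date header.
SENDER_TZ = timezone(timedelta(hours=-4))
# Constructed sample instant: 2012-03-12 14:24:54 UTC (10:24:54 -0400).
SAMPLE_EPOCH = int(datetime(2012, 3, 12, 14, 24, 54, tzinfo=timezone.utc).timestamp())


def build_sample_pcap(ts_sec, ts_usec=0, payload=b"\x00" * 14):
    """Constructed sample: 24-byte global header plus one packet record."""
    # magic, version 2.4, thiszone=0, sigfigs=0, snaplen, linktype 1 (Ethernet)
    global_hdr = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload))
    return global_hdr + rec_hdr + payload


def read_timestamps(data):
    """Return every record's timestamp as a timezone-aware UTC datetime."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MAGIC_USEC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution classic pcap file")
    stamps, offset = [], 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            break  # truncated final record: stop rather than misparse
        stamps.append(datetime.fromtimestamp(sec, timezone.utc) + timedelta(microseconds=usec))
        offset += 16 + incl_len
    return stamps


def render(ts, tz):
    """Format a stored UTC timestamp the way a reader in zone tz would see it."""
    return ts.astimezone(tz).strftime("%H:%M:%S.%f")


if __name__ == "__main__":
    for ts in read_timestamps(build_sample_pcap(SAMPLE_EPOCH)):
        print("UTC   :", render(ts, timezone.utc))  # what a UTC display shows
        print("-04:00:", render(ts, SENDER_TZ))     # what the sender's clock shows
```

The stored value never changes between the two renderings; only the zone applied at display time differs, which is why comparing TZ settings and tcpdump binaries on the same -w file isolates the cause.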
