On 2009-05-15 18:20, Guy Harris wrote:
On May 15, 2009, at 12:43 AM, Jefferson Ogata wrote:
This has come up before, back when we were talking about the NG format.
I guess I got confused by the current context; if pcap files are
natively UTC (which I had thought they were until this thread arose
On Fri, May 15, 2009 at 2:20 PM, Guy Harris wrote:
>
> On May 15, 2009, at 12:43 AM, Jefferson Ogata wrote:
>
> This has come up before, back when we were talking about the NG format.
>> I guess I got confused by the current context; if pcap files are
>> natively UTC (which I had thought they we
On May 15, 2009, at 12:43 AM, Jefferson Ogata wrote:
This has come up before, back when we were talking about the NG
format.
I guess I got confused by the current context; if pcap files are
natively UTC (which I had thought they were until this thread arose,
seeming to suggest they weren't),
On 2009-05-15 03:10, Guy Harris wrote:
> On May 14, 2009, at 7:20 PM, Jefferson Ogata wrote:
>> But the point of storing the mostly irrelevant zone data as metadata
>> is so that it can be recorded when pcap timestamps are UTC, as they
>> always should have been. I'd like to find the person who dec
On May 14, 2009, at 8:23 PM, Andrej van der Zee wrote:
Hi,
2) does, but "helpfully" converts the time to local time (in
which
case, whoever decided to be "helpful" needs to be hit with said
sock).
I found that tcpdump with - converts to local time, but tcpdump
-tt report GMT.
Hi,
> 2) does, but "helpfully" converts the time to local time (in which
> case, whoever decided to be "helpful" needs to be hit with said sock).
I found that tcpdump with - converts to local time, but tcpdump
-tt report GMT.
>
> However, even with standard pcap files, which have GMT
On May 14, 2009, at 7:20 PM, Jefferson Ogata wrote:
But the point of storing the mostly irrelevant zone data as metadata
is so that it can be recorded when pcap timestamps are UTC, as they
always should have been. I'd like to find the person who decided to
store localtime instead of gmtime
On 2009-05-15 01:48, Guy Harris wrote:
pcap-NG:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
can store a 4-byte "Time zone for GMT support" value of unspecified
interpretation (probably a seconds-from-GMT offset), although, if the
capture crosses a standard time/summer time
On May 14, 2009, at 6:10 PM, Andrej van der Zee wrote:
Thanks a lot for your email. I wish .cap files stored some
meta-information such as local timezone, IP address, etc.
pcap-NG:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
can store a 4-byte "Time zone for GMT suppo
Thanks a lot for your email. I wish .cap files stored some
meta-information such as local timezone, IP address, etc. Well, that's
just my bad luck.
Cheers,
Andrej
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On May 14, 2009, at 5:41 PM, Andrej van der Zee wrote:
I am having a problem with the timestamps in .cap files. I receive
.cap files captured on machines in a different timezone (GMT +1 or GMT
+3). When I do a "tcpdump -r en0.cap -n -" then the timestamps
are corrected to my local timezon
Hi,
I am having a problem with the timestamps in .cap files. I receive
.cap files captured on machines in a different timezone (GMT +1 or GMT
+3). When I do a "tcpdump -r en0.cap -n -" then the timestamps
are corrected to my local timezone (GMT +8 or GMT +9). The problem is
that I need the t
12 matches
Mail list logo
