Hello, using libpcap, I'm developing an IDS. When moving my captured data
files from my sensor to my analyzer (both running OpenBSD 2.7 i386; the
sensor is a 486 and the analyzer is a Pentium II), then running tcpdump on
them, the following timestamp problem occurs; the output from sensor_sktn
(the machine it was captured on) is correct. The IP addresses are changed to
protect the guilty ;)
sensor_sktn# tcpdump -r Saskatoon.2000.12.21-13.45.dat
13:45:27.042462 123.456.789.012.3456 > 789.012.345.678.9012: . ack 571384368
win 8739 (DF)
13:45:27.058060 456.789.012.345.6789 > 012.345.678.901.2345: P
820505438:820505707(269) ack 4273926 win 17520 (DF)
idsroot# tcpdump -r Saskatoon.2000.12.21-13.45.dat
19:45:27.042462 123.456.789.012.3456 > 789.012.345.678.9012: . ack 571384368
win 8739 (DF)
19:45:27.058060 456.789.012.345.6789 > 012.345.678.901.2345: P
820505438:820505707(269) ack 4273926 win 17520 (DF)
If it would help, I can show a sample of the code used to gather these
results. Any ideas?
Thanks in advance,
Brad
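An added example (not Brad's code and not from the tcpdump project) that parses a constructed pcap file and renders one record's timestamp the way tcpdump does, in two clock zones. It assumes the sensor host's zone is UTC-6 and the analyzer's is UTC, one setting that yields exactly the 6-hour shift shown above: the pcap record header stores seconds since the Unix epoch, so the file itself is the same on both hosts and only the local-time rendering differs.

```python
import struct
from datetime import datetime, timedelta, timezone

PCAP_MAGIC = 0xA1B2C3D4  # classic microsecond-resolution pcap magic


def pcap_records(data):
    """Parse a pcap file image and return a list of (ts_sec, ts_usec, caplen, origlen, frame)."""
    if data[:4] == struct.pack("<I", PCAP_MAGIC):
        endian = "<"
    elif data[:4] == struct.pack(">I", PCAP_MAGIC):
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    # tcpdump does not apply thiszone; it converts ts_sec with the reader's local zone.
    struct.unpack(endian + "IHHiIII", data[:24])
    off, recs = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        recs.append((ts_sec, ts_usec, caplen, origlen, data[off:off + caplen]))
        off += caplen
    return recs


def format_ts(ts_sec, ts_usec, tz):
    """Render a record timestamp as tcpdump prints it (HH:MM:SS.uuuuuu) in zone tz."""
    return datetime.fromtimestamp(ts_sec, tz).replace(microsecond=ts_usec).strftime("%H:%M:%S.%f")


def build_sample_pcap():
    """Constructed sample file: one placeholder frame stamped 2000-12-21 19:45:27.042462 UTC."""
    when = datetime(2000, 12, 21, 19, 45, 27, tzinfo=timezone.utc)
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    frame = b"\x00" * 14  # constructed placeholder Ethernet header, not real traffic
    record = struct.pack("<IIII", int(when.timestamp()), 42462, len(frame), len(frame)) + frame
    return header + record


SENSOR_TZ = timezone(timedelta(hours=-6))  # assumption: sensor host clock zone is UTC-6
ANALYZER_TZ = timezone.utc                  # assumption: analyzer host renders in UTC


def render_both(data):
    """Return the first record's timestamp as each host would print it."""
    ts_sec, ts_usec = pcap_records(data)[0][:2]
    return format_ts(ts_sec, ts_usec, SENSOR_TZ), format_ts(ts_sec, ts_usec, ANALYZER_TZ)
```

Running `render_both(build_sample_pcap())` reproduces the 13:45:27 versus 19:45:27 pair from identical file bytes; comparing `date` and `TZ` on both hosts is the quickest check.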
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html