Hi, I've captured network traffic with sudo tcpdump and got a .pcap file. I am trying to figure out the info on timestamps and their meaning. Any pointers? Thanks.
Understanding time stamps in Packet Capture Data (.pcap) files
Firstly, timestamps are derived from the clock on the machine performing the packet capture. Therefore it’s important to check the accuracy and record this machine’s system time before starting the packet capture.
Secondly, timestamps are saved to the .pcap file in GMT/UTC format, which can easily be verified by examining the value of “thiszone” in the global header.
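To inspect these fields directly, the following added example (not part of the original answer) reads "thiszone" from the global header and converts each packet's timestamp to UTC. It assumes the classic libpcap file layout (24-byte global header, 16-byte per-packet headers) rather than pcapng; the names `read_timestamps` and `sample_pcap` and the sample capture bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# First four bytes on disk -> (struct byte order, timestamp fraction units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanoseconds
}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def read_timestamps(data):
    """Return (thiszone, [(utc_datetime, raw_fraction, captured_len), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, units = MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs, snaplen, linktype
    _maj, _min, thiszone, _sigfigs, _snaplen, _link = struct.unpack(order + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        # Per-packet header: seconds since 1970-01-01, sub-second fraction, captured and original length
        ts_sec, ts_frac, incl_len, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        if ts_frac >= units or off + 16 + incl_len > len(data):
            raise ValueError(f"corrupt or truncated record at offset {off}")
        when = EPOCH + timedelta(seconds=ts_sec, microseconds=ts_frac * 10**6 // units)
        records.append((when, ts_frac, incl_len))
        off += 16 + incl_len
    return thiszone, records

def sample_pcap():
    """Constructed two-packet capture (little-endian, microsecond resolution, thiszone 0)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    pkt1 = struct.pack("<IIII", 1700000000, 123456, 4, 4) + b"\x00" * 4
    pkt2 = struct.pack("<IIII", 1700000001, 0, 2, 60) + b"\x00" * 2
    return header + pkt1 + pkt2

if __name__ == "__main__":
    zone, recs = read_timestamps(sample_pcap())
    print("thiszone:", zone)
    for when, frac, length in recs:
        print(when.isoformat(), "captured", length, "bytes")
```

For a real capture, pass the file contents, e.g. `read_timestamps(open("capture.pcap", "rb").read())`, where the file name is a placeholder.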