tcpdump .pcap file question

F

fhhf


Joined
Dec 11, 2020
Messages
2
Reaction score
0
Points
1
Location
Brussels
Hi, i 've captured network traffic with sudo tcpdump and got .pcap file. I am trying to figure out the info on timestamps and their meaning. Any pointers? Thanks.
 
M

machos


Joined
Dec 10, 2020
Messages
5
Reaction score
2
Points
3
fhhf said:
Hi, i 've captured network traffic with sudo tcpdump and got .pcap file. I am trying to figure out the info on timestamps and their meaning. Any pointers? Thanks.
Click to expand...

Understanding time stamps in Packet Capture Data (.pcap) files

Firstly, timestamps are derived from the clock on the machine performing the packet capture. Therefore it’s important to check the accuracy and record this machine’s system time before starting the packet capture.

Secondly, time stamps are saved to the .pcap file in GMT/UTC format, which can easily be verified by examining the value of “thiszone” in the global header.
Click to expand...
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top