![]() ![]() ![]() The actual precision of timestamp depends on the Operating System and hardware. Tcpdump: verbose output suppressed, use -v or -vv for full protocol decode The timestamp precision can be set in microsecond resolution (" -time-stamp-precision=macro/-macro") or nanosecond resolution (" -time-stamp-precision=nano/-nano"): # tcpdump -time-stamp-precision=nano Now 5 types are supported: host, host_lowprec, host_hiprec, adapter and adapter_unsynced (please refer pcap-tstamp). However, Wireshark provides a program, capinfos, which reads a capture file to obtain information about the capture file such start-time, end-time, number-of-packets, etc. Time stamp types for enp0s3 (use option -j to set):Īdapter_unsynced (Adapter, not synced with system time)Īs prompted, " -j tstamp_type/-time-stamp-type=tstamp_type" option can be used to set timestamp type. " -J/-list-time-stamp-types" option is used to list timestamp types that interface supports: $ tcpdump -J Set timestamp type and precision during capture ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |