There are two simple cases to rule out:
1. The capture was taken using a Napatech or Endace card, which uses its own
clock which may or may not be in sync with the host clock.
2. There's an unexpected local timezone on the machine used to read and
display the packet capture. Is your client
Hi Gary,
Thank you for your clear reply, as always.
>
> WinDump, the Windows port of tcpdump, uses WinPcap, the Windows port of
> libpcap. The time stamps come from the WinPcap driver, which might,
> depending on how it's configured, read the system clock for each packet, or
> might read it w
On Nov 9, 2010, at 1:15 AM, Andrej van der Zee wrote:
> Today I received a tcpdump file from a client with timestamps that did
> not correspond to the system clock. If I remember correctly, tcpdump
> does not store complete timestamps but only a delta compared to the
> first timestamp.
No. Each
Hi,
Today I received a tcpdump file from a client with timestamps that did
not correspond to the system clock. If I remember correctly, tcpdump
does not store complete timestamps but only a delta compared to the
first timestamp. I guess tcpdump does not read the system clock every
time, but has it
