Hello. OpenBSD added the -ttttt option which, from what I understand, a very
similar output to
tethereal's default timestamp "Add -ttttt option (timestamp difference since
the first packet)".
How can I get the same functionality under linux? I can't find a tarball
anywhere that'll give me
that.
My problem is this. I'm tcpdumping on two systems (A & B) and C on a tapped
line.
[A]-----+-----[B]
| \
| network tap
|
[C]
without -ttttt (regular output) .. if i'm throwing lots of juice from system A
to system to system
B so that I can see if [C] is capturing at the exact same time as [B]
A) need to set up NTP
B) still need to take into account any type of discepancy in miliseconds
between system B & C when
comparing dumps
so for instance .. if B sees the packet at .398348 and C sees it at .398350,
does that mean that
it took longer to get to B than C?
Was the system clock off by a few milimiliseconds maybe?
In scenario B) (-ttttt) ... the packets start at point 0.
and so the actual latency from start to finish can be eaaaaaaaaasily calculated.
anyways. feedback on this would be great
thanks :)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
