Hi: On tcpdump 4.1.1, printing from a saved standard format pcap file:
$ tcpdump -nn -tt -s 0 -r 128.XX.XX.197.icmp.trace |head -3 reading from file 128.XX.XX.197.icmp.trace, link-type EN10MB (Ethernet) 18:45:55.966123176 IP 128.XX.XX.197 > 78.186.239.143: ICMP host 128.XX.XX.33 unreachable, length 36 18:45:56.266157176 IP 128.XX.XX.197 > 212.152.40.91: ICMP host 128.XX.XX.103 unreachable, length 36 18:45:57.466110176 IP 128.XX.XX.197 > 72.32.167.183: ICMP host 128.XX.XX.115 unreachable, length 36 $ printing again: $ tcpdump -nn -tt -s 0 -r 128.XX.XX.197.icmp.trace |head -3 reading from file 128.XX.XX.197.icmp.trace, link-type EN10MB (Ethernet) 18:45:55.966123552 IP 128.XX.XX.197 > 78.186.239.143: ICMP host 128.XX.XX.33 unreachable, length 36 18:45:56.266157552 IP 128.XX.XX.197 > 212.152.40.91: ICMP host 128.XX.XX.103 unreachable, length 36 18:45:57.466110552 IP 128.XX.XX.197 > 72.32.167.183: ICMP host 128.XX.XX.115 unreachable, length 36 $ The final 3 digits of the timestamp are bogus and always the same throughout the run. Since the timestamps are stored in microsecond precision, shouldn't the last 3 digits be 0's? Thanks in advance. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
