Ethereal-dev: Re: [Ethereal-dev] Packet Arrival Time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 25 Sep 2005 18:15:30 -0700
Feroz Raihan wrote:


I have a tcpdump(libpcap format) file. I wonder, how
to determine the individual packet arrival date and
time... Like it has 16 byte header before each frame
that has Second, Millisecond,


Microseconds, not milliseconds.


Packet length and
Capture length fields(each 4 bytes). Can I determine
the date and time from the first two fields?


Yes.
"Seconds" is seconds since January 1, 1970, 00:00:00 GMT (i.e., standard UN*X time), and "microseconds" is since that second.
You can convert "seconds" to date (year/month/day) and time (hour/minute/second) using the "localtime()" routine (which will convert it to local time in your time zone; that's not necessarily the time zone in which the packet was captured). You can then combine the seconds value of the time with the microseconds to get higher-resolution time.