Ale*_*lex 4 timestamp tcpdump pcap
我想使用tcpdump查看pcap文件中数据包的绝对时间戳。当我使用命令tcpdump -r mypcapfiile时,它仅显示时间,
03:21:14.804778 IP static.vnpt.vn.51193 > 192.168.0.146.smtp
如何读取日期呢?
您可以使用以下-tttt选项:
$ tcpdump -tttt -nr tmp.pcap
reading from file tmp.pcap, link-type EN10MB (Ethernet)
2018-01-19 17:50:43.275918 IP 172.24.0.97.45386 > 93.153.221.29.80: Flags [.], ack 3335572340, win 251, options [nop,nop,TS val 98777655 ecr 230462279], length 0
2018-01-19 17:50:43.287273 IP 93.153.221.29.80 > 172.24.0.97.45386: Flags [.], ack 1, win 285, options [nop,nop,TS val 230464839 ecr 98706059], length 0
2018-01-19 17:50:44.138480 ARP, Request who-has 172.24.0.73 tell 172.24.0.78, length 46
2018-01-19 17:50:45.162482 ARP, Request who-has 172.24.0.73 tell 172.24.0.78, length 46
| 归档时间: |
|
| 查看次数: |
5785 次 |
| 最近记录: |