Set timestamp type and precision during capture

"-J/--list-time-stamp-types" option is used to list timestamp types that interface supports:

$ tcpdump -J
Time stamp types for enp0s3 (use option -j to set):
  host (Host)
  adapter_unsynced (Adapter, not synced with system time)

As prompted, "-j tstamp_type/--time-stamp-type=tstamp_type" option can be used to set timestamp type. Now 5 types are supported: host, host_lowprec, host_hiprec, adapter and adapter_unsynced (please refer pcap-tstamp).

The timestamp precision can be set in microsecond resolution ("--time-stamp-precision=macro/--macro") or nanosecond resolution ("--time-stamp-precision=nano/--nano"):

# tcpdump --time-stamp-precision=nano
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:53:08.669795918 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 2946671030:2946671138, ack 2526798027, win 317, length 108
17:53:08.670069187 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 108:144, ack 1, win 317, length 36
17:53:08.670174142 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 144:204, ack 1, win 317, length 60
17:53:08.670267764 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 204:272, ack 1, win 317, length 68
17:53:08.670356638 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 272:340, ack 1, win 317, length 68
17:53:08.670435999 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 340:376, ack 1, win 317, length 36
......

The actual precision of timestamp depends on the Operating System and hardware.

results matching ""

    No results matching ""