The -tttt option doesn't use timezone, the time is always GMT: # tcpdump -n -tttt 06/13/2004 13:31:35.758527 192.168.2.1 > 192.168.2.254: icmp: echo request 06/13/2004 13:31:35.758684 192.168.2.254 > 192.168.2.1: icmp: echo reply without time option, I have: # tcpdump -n 15:31:30.808613 192.168.2.1 > 192.168.2.254: icmp: echo request 15:31:30.808769 192.168.2.254 > 192.168.2.1: icmp: echo reply The reason is quite simple (based on 3.8.3 source code) in tcpdump.c: .... int tflag = 1; /* print packet arrival time */ .... .... case 't': --tflag; break; .... .... if (tflag > 0) thiszone = gmt2local(0); .... if -tttt option is enabled gmt2local isn't called and thiszone is alway equals to 0. I've provided a patch: --- tcpdump.c.orig Sun Jun 13 15:50:49 2004 +++ tcpdump.c Sun Jun 13 15:56:42 2004 _at__at_ -615,7 +615,7 _at__at_ /* NOTREACHED */ } - if (tflag > 0) + if ((tflag > 0) || (tflag == -3)) thiszone = gmt2local(0); if (RFileName != NULL) { Another solution is to remove the "if (tflag > 0)" test. This bug was discovered on FreeBSD 5.2.1 (tcpdump 3.7.2 + multidlt) with but apply to all others platforms. This bug is now fixed on branch tcpdump_3_8 and HEAD on tcpdump CVS. I hope that it can be fixed before the 5.3-RELEASE. Raphael Raimbault.
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:15 UTC