On Thu, May 02, 2002 at 01:53:22AM -0400, Mark C Wishneusky wrote:
> I'm trying to parse tcpdump code for my class and I'm having a problem
> with the timestamps, more or less that I can't figure out how to parse
> them at all. After going through quite a bit (and the man page) I saw
> that it does HH:MM:SS.Fraction. I've been differing limits for the
> fraction. Anyway, what I've tried to figure out is how many bits are
> needed for each section. So far I've figured:
>
> H: 5 bits (max. value of 31)
> M: 6 bits (max. value of 63)
> S: 6 bits (max. value of 63)
> F: 20 bits (max. value of 524288)
To which timestamps are you referring?
If you're referring to the time stamps in a "pcap_pkthdr" structure,
they aren't in the format of 5 bits of hour, 6 bits of minute, etc..
Instead, they're in the form of:
32 bits of seconds since January 1, 1970, 00:00:00 GMT (i.e., a
UNIX "time_t");
32 bits of microseconds since the second in question.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
