Re: tcpdump and timezone mismatch (STABLE 14 vs STABLE 13)

From: mike tancsa <mike_at_sentex.net>
Date: Thu, 14 Sep 2023 19:21:56 UTC
On 9/14/2023 12:24 PM, mike tancsa wrote:
> Just starting to play around with RELENG_14 and noticed one odd thing 
> I didn't see in the UPDATING notes.  The server's Timezone is set to 
> EDT (GMT-4), but tcpdumping the pflogs show it in UTC.
>
> # date
> Thu Sep 14 12:22:11 EDT 2023
> # tcpdump -ner /var/log/pflog | tail -1
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog 
> file), snapshot length 200
> 16:21:18.848111 rule 0/0(match): block in on vtnet0: 
> 185.11.61.68.52750 > xxx.yyy.zzz.141.33428: Flags [S], seq 4237808372, 
> win 1024, length 0
>
> #
>
> Same with dumping pflog0 in real time
>
> # tcpdump -nei pflog0 action block
> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
> listening on pflog0, link-type PFLOG (OpenBSD pflog file), snapshot 
> length 262144 bytes
>
> 16:22:59.205362 rule 0/0(match): block in on vtnet0: 
> 198.12.88.139.58870 > xxx.yyy.zzz.141.4963: Flags [S], seq 3991681664, 
> win 1024, length 0
>
> Is there a way to change this behavior? Is it expected?
>

I tried tcpdump from ports and the same thing. If I set my server's 
timezone to UTC, the tcpdump at least matches the server's timezone.  If 
I copy the pcap file to a releng13 box that has localtime set to EDT, 
tcpdump on it shows the correct time. It's almost as if tcpdump does not 
see /etc/localtime? Perms look right:

root@nano14:~ # ls -l /etc/localtime
-r--r--r--  1 root wheel 3494 Aug 26 08:11 /etc/localtime
root@nano14:~ #