tcpdump -tttt option loses timezone

Raphael R. raphaelr at gmail.com
Sun Oct 3 04:04:37 PDT 2004


The -tttt option doesn't use timezone, the time is always GMT:

# tcpdump -n -tttt
06/13/2004 13:31:35.758527 192.168.2.1 > 192.168.2.254: icmp: echo request
06/13/2004 13:31:35.758684 192.168.2.254 > 192.168.2.1: icmp: echo reply

without time option, I have:
# tcpdump -n
15:31:30.808613 192.168.2.1 > 192.168.2.254: icmp: echo request
15:31:30.808769 192.168.2.254 > 192.168.2.1: icmp: echo reply

The reason is quite simple (based on 3.8.3 source code) in tcpdump.c:

....
int tflag = 1; /* print packet arrival
time */
....

....
case 't':
--tflag;
break;
....

....
if (tflag > 0)
thiszone = gmt2local(0);
....

if -tttt option is enabled gmt2local isn't called and
thiszone is alway equals to 0.

I've provided a patch:

--- tcpdump.c.orig Sun Jun 13 15:50:49 2004
+++ tcpdump.c Sun Jun 13 15:56:42 2004
@@ -615,7 +615,7 @@
/* NOTREACHED */
}

- if (tflag > 0)
+ if ((tflag > 0) || (tflag == -3))
thiszone = gmt2local(0);

if (RFileName != NULL) {


Another solution is to remove the "if (tflag > 0)" test. This bug was
discovered on FreeBSD 5.2.1 (tcpdump 3.7.2 + multidlt) with but apply
to all others platforms. This bug is now fixed on branch tcpdump_3_8
and HEAD on tcpdump CVS.

I hope that it can be fixed before the 5.3-RELEASE.


Raphael Raimbault.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcpdump.c.patch
Type: application/octet-stream
Size: 240 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041003/59467ab6/tcpdump.c.obj


More information about the freebsd-current mailing list