When exporting to a K12 file, how does one decode the timestamp? 14:42:37,686,606 ETHER The file was generated at 9AM which I prove when I dump the file using tshark. Don't know how the above timestamp translates to 9AM. What are the comma separated values that follow? Thanks asked 29 Jan '15, 17:18  DrDRM |
One Answer:
Timestamps in capture files are usually stored as UTC values, so if your PC is not on UTC tshark will "translate" the file timestamp to your local time based on your timezone settings. The values behind the 37 seconds are probably milli- and microseconds. 686 milliseconds, 606 microseconds, or 6866060 microseconds in total. answered 29 Jan '15, 17:24  Jasper ♦♦ edited 29 Jan '15, 17:24 |
