stdout syn packet information missing timestamp

Question

stdout syn packet information missing timestamp

michele-deluca opened this issue 2 years ago · 2 comments

When print to stdout the packet information is missing the timestamp of the syn packets:

TCP: 10.139.67.98(57151) -> 10.180.65.22(636) Seq 1197153098.(0) SYN
TCP: 10.180.65.22(636) -> 10.139.67.98(57151) Seq 4242385654.(0) ACK 1197153099 SYN
TCP: 10.139.67.98(57151) -> 10.180.65.22(636) Seq 1197153099.(0) ACK 4242385655
New TCP connection #1: 10.139.67.98(57151) <-> 10.180.65.22(636)
TCP: 10.139.67.98(57151) -> 10.180.65.22(636) Seq 1197153099.(383) ACK 4242385655 PUSH
1 1 1675954215.6833 (0.0343) C>S V3.3(378) Handshake
ClientHello

With this configuration we don't know when the connection was opened.

here the command line used:

ssldump -d -i eth0 -k -n -P -a -A -e -T -x -X -w dump.pcap port

Answer 1 · 2023-03-29T11:09:51.000Z

Any news for it?

Answer 2 · 2023-08-03T09:18:48.000Z

With #80 you can now use -z along with -T in order to print a timestamp in front of each line:

$ sudo ./ssldump -n -i eth0 -T -z
1691054137.8107 TCP: 10.9.8.7(58918) -> 10.11.12.13(443) Seq 1058698209.(39) ACK 3675828741 PUSH 
1691054137.8196 TCP: 10.11.12.13(443) -> 10.9.8.7(58918) Seq 3675828741.(0) ACK 1058698248 
1691054137.8196 TCP: 10.11.12.13(443) -> 10.9.8.7(58918) Seq 3675828741.(39) ACK 1058698248 PUSH 
1691054137.8197 TCP: 10.9.8.7(58918) -> 10.11.12.13(443) Seq 1058698248.(0) ACK 3675828780