Subject: Re: tcpdump and time
To: Jan Danielsson <>
From: Gilbert Fernandes <>
List: tech-net
Date: 01/30/2006 22:06:27
>   I have written a tool for monitoring my firewall (pf).

pf already has a tool for monitoring :)

Is your tool improving it ?

> to be offset by (exactly) minus an hour. Why is this?

It records time as UTC it seems, thus -0100.
The man page talks about the timestamp but doesn't say
the output will be converted to UTC so perhaps tcpdump
does not take in consideration /etc/localtime

> I live in Sweden, GMT+1 (in case it is relevant). NetBSD/i386
> 3.0.

unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ;
fsck ; umount ; sleep