Open deepakrana47 opened 4 years ago
fklassen
commented
4 years ago tcprewrite produces PCAP files which have microsecond resolution. Your input file must be a PCAP-NG file, which supports nanosecond resolution.
PCAP-NG files have a newer format which also allows programs like Wireshark to open them without loading the entire trace into memory.
deepakrana47
commented
4 years ago So, i tried with pcap-ng file also. But still getting the output pcap file with microsecond resolution.
I have "input.pcap" (pcap file with nanosecond resolution)
I followed the following steps:
so the tmp1.pcap is still a pcap file with microsecond resolution.
fklassen
commented
2 years ago Removing from 4.4. Will leave around for consideration for future releases.
I am using "tcprewrite" for changing the IP-addresses of the a pcap file by executing the following command:
tcprewrite --srcipmap=192.168.1.99:10.2.1.45 --dstipmap=192.168.1.100:10.10.10.81 --infile=input.pcap --outfile=output.pcap
Then, when i go through the output.pcap I found out that the timestamps of packets in output.pcap file having a value up to 6 decimal point while in input.pcap it was 9 decimal points.
e.g.: if in input.pcap timestamp is: 1555486009.955677809 Then in output.pcap timestamp is: 1555486009.955677000
Can you please help me if there is some way i can get 9 decimal points timestamps (as i have gone through the tcprewrite manual but no success)
Thank you