[pcap-ng-format] Issue #24: Need to specify the IDB if_tzone option format
Guy Harris
guy at alum.mit.edu
Wed Aug 26 03:02:28 UTC 2015
On Aug 25, 2015, at 7:44 PM, Hadriel Kaplan <the.real.hadriel at gmail.com> wrote:
> Sorry, I meant "your" as in the +8 hour one, not the one of the local
> application. I.e., I live in the East coast of the US (EDT currently,
> but that doesn't matter). You send me your capture file. Wireshark
> opens it, sees a +8, which it knows means PST because we say that's
> what the option means. I'm assuming that it can figure out that if a
> packet in the capture was captured at 9pm yesterday in UTC, that it
> could display that to me as 9pm UTC, or 5pm EDT, or 2pm PDT - not
> because *I* am in DST, but rather because PST at 9pm UTC was in DST.
OK, let's say you have two capture files, one from Phoenix, Arizona, and one from Denver, Colorado.
As you indicate:
> The number of seconds in local Standard Time, West of UTC, regardless
> of current DST being in effect or not. (i.e., keep DST-handling in the
> presentation layer, not in the file contents)
>
> So for you it would be +8 hours (=28800 seconds) all the time.
both capture files would have +7 as the offset.
If you tell the application to display the time stamps as local time in the location where they were captured, how, then, would it know that the *current* offset from UTC of Phoenix is 7 hours and the *current* offset from UTC of Denver is 6 hours, given that Phoenix is *not* in DST and Denver is:
$ TZ=America/Phoenix date; TZ=America/Denver date
Tue Aug 25 20:01:51 MST 2015
Tue Aug 25 21:01:51 MDT 2015
*without* providing some indication of the zone in which it's captured?
More information about the pcap-ng-format
mailing list