Set timestamp type and precision during capture

-J/--list-time-stamp-types“ option is used to list timestamp types that interface supports: 

  1. $ tcpdump -J
  2. Time stamp types for enp0s3 (use option -j to set):
  3.   host (Host)
  4.   adapter_unsynced (Adapter, not synced with system time)

As prompted, “-j tstamp_type/--time-stamp-type=tstamp_type“ option can be used to set timestamp type. Now 5 types are supported: host, host_lowprec, host_hiprec, adapter and adapter_unsynced (please refer pcap-tstamp).

The timestamp precision can be set in microsecond resolution (“--time-stamp-precision=macro/--macro“) or nanosecond resolution (“--time-stamp-precision=nano/--nano“): 

  1. # tcpdump --time-stamp-precision=nano
  2. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  3. listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
  4. 17:53:08.669795918 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 2946671030:2946671138, ack 2526798027, win 317, length 108
  5. 17:53:08.670069187 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 108:144, ack 1, win 317, length 36
  6. 17:53:08.670174142 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 144:204, ack 1, win 317, length 60
  7. 17:53:08.670267764 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 204:272, ack 1, win 317, length 68
  8. 17:53:08.670356638 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 272:340, ack 1, win 317, length 68
  9. 17:53:08.670435999 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 340:376, ack 1, win 317, length 36
  10. ......

The actual precision of timestamp depends on the Operating System and hardware.