Re: Should the tcpdump tests be run with TZ=GMT0, or should the AFS printer print time stamps in UTC?

[John Hawkinson <jhawk () MIT EDU>]

Denis Ovsienko <denis () ovsienko info> wrote on Mon,  6 Aug 2018
at 09:42:16 +0100 in <1650e66b5ad.12b3ab99e15597.8336631397456496826 () ovsienko info>:

> When a network protocol has a timestamp and defines it in UTC (which
> is often the case), to me it looks consistent if the host in the
> middle of the exchange (or completely out of the exchange, if that
> is a .pcap file) prints it in UTC as well. Such as, for example
> somebody in time zone A decoding NTP packets between hosts in time
> zones B and C --- why would the man in the middle need to translate
> the timestamps to any of those timezones when NTP encodes and
> operates UTC in the first place?

I think most of the time people who look at the output of decoders are doing so from the perspective of one of the two 
hosts, such as debugging application layer software. In such cases, the man in the middle perspective is really a 
strawman.

> The protocol terminating software would be more likely to need to
> translate UTC to a local timezone to verify or action it. Opposed to
> that, a protocol decoder just tells you what's on the wire.

Under normal usage, tcpdump prints the local time at the beginning of the line. A person looking at timestamps on the 
wire frequently wants to correlate those timestamps to the time of packet receipt. If they are in different timezones, 
that can be more challenging (although not always, since often we only care about the minutes and seconds).

--jhawk () mit edu
  John Hawkinson
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers