
A question about timestamps


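I would like to ask everyone some questions about packet timestamps:

1. Where is the timestamp stored? In the TCP header?
2. What is the format of the timestamp? Someone told me it is the number of seconds elapsed since 1970.1.1, which is obviously wrong, because the timestamp has only 8 digits, while the number of seconds elapsed since 1970.1.1 is a 10-digit number. How is the timestamp converted into an ordinary time in hours, minutes and seconds (milliseconds?)?

3. Below is output from TCPDUMP. What do the timestamps at the end mean? Each record has two values; why is the first value larger than the second in some records, while in others the second is larger than the first?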


16:02:59.142163 IP 192.168.0.232.32842 > 192.168.0.233.ftp: P 3027157284:3027157295(11) ack 2839739392 win 6432 <nop,nop,timestamp 10864012 10818773>
16:02:59.142443 IP 192.168.0.233.ftp > 192.168.0.232.32842: P 1:16(15) ack 11 win 5792 <nop,nop,timestamp 10823983 10864012>
16:02:59.142457 IP 192.168.0.232.32842 > 192.168.0.233.ftp: . ack 16 win 6432 <nop,nop,timestamp 10864012 10823983>
16:02:59.142528 IP 192.168.0.232.32842 > 192.168.0.233.ftp: P 11:22(11) ack 16 win 6432 <nop,nop,timestamp 10864012 10823983>
16:02:59.142655 IP 192.168.0.233.ftp > 192.168.0.232.32842: P 16:36(20) ack 22 win 5792 <nop,nop,timestamp 10823983 10864012>
16:02:59.142768 IP 192.168.0.232.32842 > 192.168.0.233.ftp: P 22:28(6) ack 36 win 6432 <nop,nop,timestamp 10864012 10823983>
16:02:59.143415 IP 192.168.0.233.ftp > 192.168.0.232.32842: P 36:86(50) ack 28 win 5792 <nop,nop,timestamp 10823983 10864012>
16:02:59.143469 IP 192.168.0.232.32851 > 192.168.0.233.32844: S 276251817:276251817(0) win 5840 <mss 1460,sackOK,timestamp 10864012[|tcp]>
16:02:59.143553 IP 192.168.0.233.32844 > 192.168.0.232.32851: S 4279851852:4279851852(0) ack 276251818 win 5792 <mss 1460,sackOK,timestamp 10823983[|tcp]>
16:02:59.143569 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 1 win 5840 <nop,nop,timestamp 10864012 10823983>
16:02:59.143600 IP 192.168.0.232.32842 > 192.168.0.233.ftp: P 28:39(11) ack 86 win 6432 <nop,nop,timestamp 10864012 10823983>
16:02:59.143820 IP 192.168.0.233.ftp > 192.168.0.232.32842: P 86:155(69) ack 39 win 5792 <nop,nop,timestamp 10823983 10864012>
16:02:59.143945 IP 192.168.0.233.32844 > 192.168.0.232.32851: . 1:1449(1448) ack 1 win 5792 <nop,nop,timestamp 10823984 10864012>
16:02:59.143958 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 1449 win 8688 <nop,nop,timestamp 10864012 10823984>
16:02:59.143947 IP 192.168.0.233.32844 > 192.168.0.232.32851: . 1449:2897(1448) ack 1 win 5792 <nop,nop,timestamp 10823984 10864012>
16:02:59.143972 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 2897 win 11584 <nop,nop,timestamp 10864012 10823984>
16:02:59.144137 IP 192.168.0.233.32844 > 192.168.0.232.32851: P 2897:4345(1448) ack 1 win 5792 <nop,nop,timestamp 10823984 10864012>
16:02:59.144154 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 4345 win 14480 <nop,nop,timestamp 10864013 10823984>
16:02:59.144140 IP 192.168.0.233.32844 > 192.168.0.232.32851: . 4345:5793(1448) ack 1 win 5792 <nop,nop,timestamp 10823984 10864012>
16:02:59.144162 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 5793 win 17376 <nop,nop,timestamp 10864013 10823984>


I have not found any material on this. Could someone tell me the answers, or where to find them? Thank you.
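An added example, not part of the original post: in the tcpdump lines above, the two numbers are the fields of the TCP Timestamps option (RFC 7323), printed as TSval (the sender's own tick counter) followed by TSecr (an echo of the latest TSval received from the peer). The sketch below parses four lines copied from the capture and checks that each TSecr matches a TSval the other host sent earlier; keying the check by host IP rather than by connection is an assumption made for brevity, and the function names are hypothetical.

```python
import re

# Constructed sample: four lines copied from the tcpdump output in the post.
SAMPLE = """\
16:02:59.142163 IP 192.168.0.232.32842 > 192.168.0.233.ftp: P 3027157284:3027157295(11) ack 2839739392 win 6432 <nop,nop,timestamp 10864012 10818773>
16:02:59.142443 IP 192.168.0.233.ftp > 192.168.0.232.32842: P 1:16(15) ack 11 win 5792 <nop,nop,timestamp 10823983 10864012>
16:02:59.143945 IP 192.168.0.233.32844 > 192.168.0.232.32851: . 1:1449(1448) ack 1 win 5792 <nop,nop,timestamp 10823984 10864012>
16:02:59.143958 IP 192.168.0.232.32851 > 192.168.0.233.32844: . ack 1449 win 8688 <nop,nop,timestamp 10864012 10823984>
"""

# Source/destination are "ip.port"; the option is printed as "timestamp TSval TSecr".
LINE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\S+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\S+: .*timestamp (?P<tsval>\d+) (?P<tsecr>\d+)>"
)

def parse(text):
    """Return one record per line that carries a complete timestamp option."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # truncated options such as "timestamp 10864012[|tcp]" are skipped
            records.append({"src": m["src"], "dst": m["dst"],
                            "tsval": int(m["tsval"]), "tsecr": int(m["tsecr"])})
    return records

def check_echo(records):
    """Per packet: (src, TSval, TSecr, whether TSecr is a TSval the peer sent earlier)."""
    seen = {}  # host IP -> TSval values that host has sent so far in the capture
    result = []
    for r in records:
        echoed = r["tsecr"] in seen.get(r["dst"], set())
        result.append((r["src"], r["tsval"], r["tsecr"], echoed))
        seen.setdefault(r["src"], set()).add(r["tsval"])
    return result

if __name__ == "__main__":
    for src, tsval, tsecr, echoed in check_echo(parse(SAMPLE)):
        print(f"{src}: TSval={tsval} TSecr={tsecr} echo-of-peer={echoed}")
```

The first packet reports no match only because the TSval it echoes was sent before the capture began.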
