1

What is the relationship between the packet arrival time you get using packet.time

1628612981.267997

(which seem to have sub-second accuracy) and the timestamp found in packet['TCP'].options?

Timestamp: ('Timestamp', (126599704, 1805779421))

From what I understand, the timestamp tuple is Val (the actual timestamp) and Ecr (echo reply). Is packet.time a scapy-specific thing? Is the timestamp only accurate to the second?

FObersteiner
  • 22,500
  • 8
  • 42
  • 72
raubvogel
  • 41
  • 4

1 Answers1

1

The packet arrival time is the time of capture of the packet. when it arrived at the interface you used to capture.

The TCP.option's time is a time that the sender of the packet inserted. You could consider that time as the sending time of the packet.

So the relation is: arival_time = time_in_network + tcp.option.timestamp

fgagnaire
  • 839
  • 9
  • 18