Hak5 Forums
SeRCH1nER

Packet Squirrel/PCAP Timestamp


Is there any way to get the correct timestamps on my PCAP captures? Assuming this thing does not have an RTC since every time I log into the PS it has a different timestamp???! Annoying when troubleshooting and testing new network nodes without having a correct timestamp for my failures.... Grrrrrrr.


The best way to get the time is to ask an NTP server for it, or to grab it from a packet.


I am assuming the Packet Squirrel would sync with an NTP server before running the TCPDUMP payload.

Any tips on how I can do this?? 


Would I run something like ntpdate -s time.nist.gov before running the payload? How would that then get applied to the PS?

  

22 hours ago, SeRCH1nER said:

Surprised no one has run into this issue before. 

This was actually mentioned in their "Let's Code" video when the Packet Squirrel was first released - so it's a known "issue". It can be done by syncing with NTP; however this can't be done in Transparent mode. You would need an IP on the target network with Internet access in order to accomplish this. While it might not be perfect, and might require some parsing on your part - you could always snag Timestamps from HTTP headers as well when returned across the wire.
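
The HTTP-header approach suggested above, as an added example that is not part of the original posts: Python that reads a classic pcap file, takes the median difference between each HTTP response's Date header and the frame's capture time, and adds that offset to every record. The function names and the one-frame sample are constructed for illustration; it assumes unencrypted HTTP/1.x responses whose headers fit in one frame and a device clock that did not jump during the capture.

```python
import re
import struct
from datetime import timezone
from email.utils import parsedate_to_datetime
from statistics import median

DATE_RE = re.compile(rb"HTTP/1\.[01] \d{3}[^\r\n]*\r\n(?:[^\r\n]+\r\n)*?Date: ([^\r\n]+)\r\n", re.I)

def records(pcap):
    """Yield (endian, header_pos, ts_sec, frame) per record of a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "4I", pcap, pos)
        yield endian, pos, ts_sec, pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def clock_offset(pcap):
    """Median of (HTTP response Date header - capture timestamp), in whole seconds."""
    deltas = []
    for _e, _p, ts_sec, frame in records(pcap):
        m = DATE_RE.search(frame)  # searched in the raw frame bytes
        if not m:
            continue
        try:
            server = parsedate_to_datetime(m.group(1).decode("ascii"))
        except (ValueError, TypeError, UnicodeDecodeError):
            continue  # malformed Date header: ignore this frame
        if server.tzinfo is None:  # "-0000" zone parses as naive; treat as UTC
            server = server.replace(tzinfo=timezone.utc)
        deltas.append(int(server.timestamp()) - ts_sec)
    if not deltas:
        raise ValueError("no HTTP Date header found in the capture")
    return int(median(deltas))

def shift_timestamps(pcap, offset):
    """Return a copy of the capture with offset seconds added to every record."""
    out = bytearray(pcap)
    for endian, pos, ts_sec, _f in records(pcap):
        struct.pack_into(endian + "I", out, pos, ts_sec + offset)
    return bytes(out)

def sample_capture(ts_sec=1514764805):
    """Constructed one-frame capture: 54 zero bytes stand in for Ethernet/IP/TCP."""
    frame = bytes(54) + b"HTTP/1.1 200 OK\r\nServer: x\r\nDate: Fri, 30 Mar 2018 11:17:05 GMT\r\n\r\n"
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + struct.pack("<4I", ts_sec, 0, len(frame), len(frame)) + frame
```

Date headers have one-second resolution and reflect the server's clock, so the corrected times are approximate; the spacing between packets is unchanged.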

On 3/30/2018 at 7:17 AM, Decoy said:

This was actually mentioned in their "Let's Code" video when the Packet Squirrel was first released - so it's a known "issue". It can be done by syncing with NTP; however this can't be done in Transparent mode. You would need an IP on the target network with Internet access in order to accomplish this. While it might not be perfect, and might require some parsing on your part - you could always snag Timestamps from HTTP headers as well when returned across the wire.

Thanks man, I will have to take a look.  


Hi,

Is there any short "how-to" available? I'm not too experienced in this topic, so it would be great if I could learn how to get the correct timestamp on my Packet Squirrel.

I'm using it only for capturing the packets from the target PC which is connected to the Internet via the PS.

Works great, just the timestamp is not correct.

The time for the OS of the PS is correct, I used ntpd to set the time, but the packets are still getting the time from the file in the subfolder payloads 1.

Your help is really appreciated!

Joe


Short Update: 

I was not successful in getting the correct date on the timestamps for the packets when saving a new file with a current date on the PS.

All timestamps are from the dates of the payload.sh.

Looking forward to your ideas,

Thanks!
