Fwd: Why the pcap file time different with argus file?

Matt Brown matthewbrown at gmail.com
Tue Jul 16 10:33:17 EDT 2013 

The time values are floats of unix time.  Use a function to convert them...

Read docs on...
Mysql's: unix_timestamp(), str_to_date()

Excel: you can use cell formatting.

The date and time are stored as a float of unix time.

Hope this helps.

Matt.



On Jul 16, 2013, at 7:28 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com>
wrote:

The time of Mysql and Excel are like a float number, I want to show time
format like h:m:s


On Tue, Jul 16, 2013 at 3:22 PM, Carter Bullard <carter at qosient.com> wrote:

> MySQL and Excel demand a specific time format.  So what do you expect the
> time format should be ?
>
> Sent from my iPad
>
> On Jul 16, 2013, at 6:37 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com> wrote:
>
> But I have red the ra document. when I use ra command the time is ok, just
> using rasqlinsert it is changed?
> Please tell me know the reason ??
>
>
> On Tue, Jul 16, 2013 at 2:59 PM, Carter Bullard <carter at qosient.com>wrote:
>
>> I'm very sorry, but your questions are so simple that it is clear that
>> you do not understand the tools.  Please read the man page for ra() before
>> asking any other questions !!!!
>>
>>    % man ra
>>
>>
>>
>> Sent from my iPad
>>
>> On Jul 16, 2013, at 5:33 AM, Rahimeh Khodadadi <
>> rahimeh.khodadadi at gmail.com> wrote:
>>
>> I forgot to say, when I insert the data to mysql or excel the time is
>> changed. I saw the rarc file the config for time is : %T.%f
>> Why it happened???
>>
>> ---------- Forwarded message ----------
>> From: Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com>
>> Date: Tue, Jul 16, 2013 at 1:11 PM
>> Subject: Why the pcap file time different with argus file?
>> To: "argus-info at lists.andrew.cmu.edu" <argus-info at lists.andrew.cmu.edu>
>>
>>
>> Hi all,
>>
>> I capture traffic with wireshark then covert that to flow by Argus. When
>> I see both of them, I found that the time of them are diffrent.
>>
>> Why and What do I do for slove it??
>>
>> whireshark  time                                 stime argus
>> 12.868672000                                  1373487478.2456
>>
>>
>>
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>>
>>
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
>


-- 
With Best Regards
Rahimeh Khodadadi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130716/271fce36/attachment.html>

More information about the argus mailing list