DNS flows date stamps
23 views
Skip to first unread message
Akira
Jun 1, 2011, 12:06:13 PM6/1/11
to pcapr-forum
Hi ,
During a network flow analysis , I've encountered this strange date
format (the last column is taken by the flow.time method) :
1 -- 10.10.10.2 > 10.10.10.251 - DNS - 2.53785e-08
2 -- 10.10.10.2 > 64.191.*.* - TCP - 0.048144
3 -- 10.10.10.2 > 69.64.*.* - TCP - 0.820652
4 -- 10.10.10.2 > 173.45.*.* - TCP - 21.7846
5 -- 10.10.10.2 > 64.120.*.* - TCP - 22.5329
6 -- 10.10.10.2 > 64.191.*.* - TCP - 23.2985
7 -- 10.10.10.2 > 173.45*.* - TCP - 23.9396
8 -- 10.10.10.2 > 64.191.*.* - TCP - 29.6441
Which time format is 2.53785e-08 ??
I'm planning to inject these fields in a relational DB, so I'm
guessing which could be the right data type for this field.
Any suggestion?
thanks
During a network flow analysis , I've encountered this strange date
format (the last column is taken by the flow.time method) :
1 -- 10.10.10.2 > 10.10.10.251 - DNS - 2.53785e-08
2 -- 10.10.10.2 > 64.191.*.* - TCP - 0.048144
3 -- 10.10.10.2 > 69.64.*.* - TCP - 0.820652
4 -- 10.10.10.2 > 173.45.*.* - TCP - 21.7846
5 -- 10.10.10.2 > 64.120.*.* - TCP - 22.5329
6 -- 10.10.10.2 > 64.191.*.* - TCP - 23.2985
7 -- 10.10.10.2 > 173.45*.* - TCP - 23.9396
8 -- 10.10.10.2 > 64.191.*.* - TCP - 29.6441
Which time format is 2.53785e-08 ??
I'm planning to inject these fields in a relational DB, so I'm
guessing which could be the right data type for this field.
Any suggestion?
thanks
kowsik
Jun 1, 2011, 12:11:57 PM6/1/11
to pcapr...@googlegroups.com
It's a float/double of the duration expressed as seconds. This is
derived from the timestamps of the first and last packet in the
indexed pcap.
The Pcapr Team
http://www.pcapr.net
http://twitter.com/pcapr
http://labs.mudynamics.com
Akira
Jun 2, 2011, 12:27:38 PM6/2/11
to pcapr-forum
Reply all
Reply to author
Forward
0 new messages