Hi,
I'm trying to understand these three different timestamps; they don't seem to be in sync.
1. pycapa captures network traffic and uses the timestamp as the key; the timestamp is in microseconds from epoch.
2. The timestamp in the sequence filename is in nanoseconds from epoch.
I tried to convert these nanoseconds from epoch to human-readable time and they are very off. For example, taking the time from below... This packet was captured on 2018-02-06, but the timestamp in the filename is way in the future. Is my formula not correct? Nanoseconds to seconds is 1000000000. Looking at the code, it looks like PcapCLI scans for the timestamp in the filename when we run our query. Then it runs the query against the matching files.
[root@hdp-slave-3 0.4.1]# date -d @$((5309030255444767488/1000000000))
Thu Mar 27 22:37:35 EDT 2138
3. The user input of the query timestamp (pcap_query -st yyyyMMdd). The timestamp we use to query must match the timestamp in the filename and then the packets stored in SequenceFile format.
-rw-r--r-- 3 storm hdfs 575 2018-02-06 13:34 /apps/metron/pcap/pcap_pcap_5309030255444767488_0_pcap-7-1517848461
Please shed some light; I'm confused and seem to be making things more complicated than they should be.
thank you!
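A sanity check worth running on those numbers before trusting any single conversion, added here as an example that is not part of the original post and not Metron's own code: it takes an integer, tries each of seconds, milliseconds, microseconds and nanoseconds, and reports which units put it inside a believable window. The field layout assumed for the file name (`pcap_<topic>_<timestamp>_<partition>_<suffix>-<n>-<epochSeconds>`) is read off the single name in the post, the 2000-2030 plausibility window is an arbitrary choice, and all function names are the example's own. On the name quoted above it shows that the large middle field is not an epoch value in any of the four units, while the trailing 1517848461 reads cleanly as seconds (2018-02-05 16:34:21 UTC); it also turns a yyyyMMdd query date into the [start, end) epoch bounds in whichever unit the stored timestamps use, which is what a date filter has to be compared against.

```python
import datetime as dt

# Multipliers from seconds to each candidate unit.
UNITS = {"s": 1, "ms": 10**3, "us": 10**6, "ns": 10**9}

# Window a capture timestamp is allowed to fall into; an assumption for this
# example, wide enough to cover any real deployment.
EARLIEST = dt.datetime(2000, 1, 1, tzinfo=dt.timezone.utc)
LATEST = dt.datetime(2030, 1, 1, tzinfo=dt.timezone.utc)


def to_utc(value, unit):
    """Convert an integer epoch value expressed in `unit` to an aware UTC datetime."""
    scale = UNITS[unit]
    secs, rem = divmod(int(value), scale)
    base = dt.datetime.fromtimestamp(secs, tz=dt.timezone.utc)
    return base + dt.timedelta(seconds=rem / scale)


def plausible_units(value):
    """Return the units under which `value` lands inside the plausibility window.

    An empty list means the number is not an epoch timestamp in any of the
    four units, so a unit-conversion slip alone cannot explain it.
    """
    hits = []
    for unit in UNITS:
        try:
            when = to_utc(value, unit)
        except (OverflowError, OSError, ValueError):
            # Year out of range for datetime: certainly not this unit.
            continue
        if EARLIEST <= when <= LATEST:
            hits.append(unit)
    return hits


def parse_metron_pcap_name(path):
    """Pull the integer fields out of a Metron pcap sequence-file name.

    Field positions are an assumption taken from the single name in the post:
    pcap_<topic>_<timestamp>_<partition>_<suffix>-<n>-<epochSeconds>.
    """
    base = path.rsplit("/", 1)[-1]
    fields = base.split("_")
    return {
        "timestamp_field": int(fields[2]),
        "partition": int(fields[3]),
        "trailing_field": int(fields[-1].rsplit("-", 1)[-1]),
    }


def day_range(yyyymmdd, unit):
    """[start, end) epoch bounds of a UTC calendar day in the given unit.

    A yyyyMMdd style filter has to be compared against these bounds when the
    stored timestamps are expressed in `unit`.
    """
    day = dt.datetime.strptime(yyyymmdd, "%Y%m%d").replace(tzinfo=dt.timezone.utc)
    start = int(day.timestamp()) * UNITS[unit]
    return start, start + 86400 * UNITS[unit]


def in_day(value, unit, yyyymmdd):
    """True if `value` (in `unit`) falls on the given UTC calendar day."""
    start, end = day_range(yyyymmdd, unit)
    return start <= int(value) < end


if __name__ == "__main__":
    # Constructed from the path quoted in the post.
    name = "/apps/metron/pcap/pcap_pcap_5309030255444767488_0_pcap-7-1517848461"
    fields = parse_metron_pcap_name(name)
    for label, value in fields.items():
        if label == "partition":
            continue
        units = plausible_units(value)
        shown = ", ".join(f"{u}={to_utc(value, u):%Y-%m-%d %H:%M:%S} UTC" for u in units)
        print(f"{label}={value}: plausible as {shown or 'none of s/ms/us/ns'}")
    start_ns, end_ns = day_range("20180206", "ns")
    print(f"20180206 in ns: [{start_ns}, {end_ns})")
```

The useful signal is the empty list: a value that is implausible in every unit is not a nanosecond figure with the wrong divisor, so the next place to look is how the number was produced or encoded, not the conversion.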