-t
Don't print a timestamp on each dump line.
-tt
Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line.
-ttt
Print a delta (micro-second resolution) between current and previous line on each dump line.
-tttt
Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line.
-ttttt
Print a delta (micro-second resolution) between current and first line on each dump line.
(来自评论)
pcap 文件(来自 tcpdump或wireshark 或 AFAIK 任何其他使用 libpcap 的文件)已经有绝对时间;它只是您需要调整的Wireshark 显示。
在
View菜单中单击Time Display Format并选择其中一个Time of Day选项。tcpdump 有自己的时间戳选项。
您可以在 tcpdump 手册页中找到更多信息。