Considering there's no timestamp field in an IP packet header, that'll be kinda difficult. There should be a ttl method to get the Time To Live field, but that's not any sort of timestamp.

sub process_pkt {
    my($user, $hdr, $pkt) = @_;
    my $currentmac = 0; # Client mac unidentified.(init)
      warn ("Bad user data\n"), if ($user ne "abc");
      warn("Bad pkthdr\n"), if (!defined($hdr));
      warn("Bad pkt data\n"), if (!defined($pkt));

    my ($sec,$min,$hour) =localtime($hdr->{tv_sec});
    my $len= $hdr->{len};
    my $buf;
    my $eth_obj = NetPacket::Ethernet->decode($pkt);
    #print("$eth_obj->{src_mac}:$eth_obj->{dest_mac} " .
    #      "$Ethernet_Type_Name{$eth_obj->{type}} \n");
    $buf = sprintf("%02d:%02d:%02d.%03d[%4d] ",
           $hour,$min,$sec, $hdr->{tv_usec} / 1000,$hdr->{len});
    return unless $eth_obj->{type} == ETH_TYPE_IP; # Only Handle IP4
    Decode_IP( $eth_obj,\$buf, $hdr);

   $count++;
}
[download]

The Timestamp is in the packet header

This is misleading. As Fletch already pointed out, the IP header does not contain a timestamp. In your code, $hdr contains data added by pcap during a capture and $hdr->{tv_sec} is the time when the packet was captured on the wire. It doesn't really have anything to with the IP header at all. Unless you're dealing with packets dumped through pcap you won't find a timestamp header field.


All dogma is stupid.