ssldump
Original PCAP timestamps instead of timeofday-generated
I suggest changing the PCAP logger code because of bad timestamps. Timeofday-generated timestamps are not so good for Zeek or any DPI parsing (the packets are not in the right order). Also, original timestamps seem to be better in a PCAP because they help to see the real time of the packet (for example in Wireshark).
For example, on one piece of malware traffic (Smert Ransomware). PCAP source: https://app.any.run/tasks/5b2f8a32-62ea-47b1-9c3a-b9b474fb0774/
Original PCAP timestamps (Wireshark with SSLKeyLogFile specified in settings):
Current ssldump version (gettimeofday-generated timestamps, decrypted on 7 Aug):
This PR's version:
This feature may be very helpful for some malware traffic analysts in the future and seems to be more correct. Please correct me if I'm wrong somewhere.
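To make the difference concrete, here is an added illustration in C (not ssldump's code) of the two ways of filling a pcap record header: from the clock at write time versus from the capture timestamp the packet arrived with. The struct captured_pkt stand-in, the helper functions and the sample timestamps are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/time.h>

/* Per-packet record header of the classic pcap file format (libpcap). */
struct pcaprec_hdr {
    uint32_t ts_sec;   /* seconds since the epoch when the packet was captured */
    uint32_t ts_usec;  /* microseconds within that second */
    uint32_t incl_len; /* bytes actually saved in the file */
    uint32_t orig_len; /* bytes on the wire */
};

/* Stand-in (assumption) for libpcap's struct pcap_pkthdr: the capture
 * driver's timestamp plus lengths, as handed to the packet callback. */
struct captured_pkt {
    struct timeval ts;
    uint32_t caplen, len;
};

/* "Before": the record is stamped with the clock at write time, i.e. when
 * the decrypted record is emitted, not when the packet was seen. Real code
 * would call gettimeofday(); `now` is passed in here to keep it testable. */
static struct pcaprec_hdr rec_hdr_timeofday(const struct captured_pkt *p,
                                            const struct timeval *now) {
    struct pcaprec_hdr h = { (uint32_t)now->tv_sec, (uint32_t)now->tv_usec,
                             p->caplen, p->len };
    return h;
}

/* "After": the record carries the original capture timestamp. */
static struct pcaprec_hdr rec_hdr_original(const struct captured_pkt *p) {
    struct pcaprec_hdr h = { (uint32_t)p->ts.tv_sec, (uint32_t)p->ts.tv_usec,
                             p->caplen, p->len };
    return h;
}

/* 1 if every record is not earlier than the one before it, the chronological
 * order that Wireshark and Zeek assume when reading a pcap file. */
static int records_in_order(const struct pcaprec_hdr *h, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (h[i].ts_sec < h[i - 1].ts_sec ||
            (h[i].ts_sec == h[i - 1].ts_sec && h[i].ts_usec < h[i - 1].ts_usec))
            return 0;
    return 1;
}

/* Number of records whose timestamp no longer matches the capture time. */
static size_t records_with_wrong_time(const struct captured_pkt *pkts,
                                      const struct pcaprec_hdr *h, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (h[i].ts_sec != (uint32_t)pkts[i].ts.tv_sec ||
            h[i].ts_usec != (uint32_t)pkts[i].ts.tv_usec)
            bad++;
    return bad;
}
```

With the original timestamps the written records can be correlated with the source capture and with other tools' logs; with write-time stamps every record shows the analysis time instead.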