Wireshark mailing list archives

Re: Timestamp Skew

From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Thu, 14 Jan 2010 10:57:54 -0800

WinPcap synchronizes with the system time only when at the beginning of a 
capture. More precisely, it syncs when you start a capture only if there are 
no other captures (on the same adapter or different adapters) running. As a 
consequence, adjustments to the clock done by NTP are not seen.

Have a nice day
GV

--------------------------------------------------
From: "Guy Harris" <guy () alum mit edu>
Sent: Thursday, January 14, 2010 10:25 AM
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Timestamp Skew


On Jan 14, 2010, at 10:19 AM, Lee Riemer wrote:

The sniffer server is syncing with NTP, and this is also a dual core 
system.  You may be on to something, though.  If the box is correcting 
it's skew with NTP, wireshark might not be if it isn't polling the time 
for each packet.

Anyone know exactly how WS picks the time to stamp?


On Windows, it takes it from the information supplied to it by WinPcap, so 
it's not Wireshark that's picking the time to stamp, it's WinPcap.  (On 
UN*X, it takes it from the information supplied to it by libpcap, which 
is, on almost all platforms, the time supplied to libpcap by the OS-native 
packet capture mechanism being used by libpcap.)

If none of the WinPcap developers reply here, you might want to report it 
to them as a bug:

http://www.winpcap.org/bugs.htm
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Michael Glenn (Jan 14)
  - Re: Timestamp Skew Lee Riemer (Jan 14)
    - Re: Timestamp Skew Guy Harris (Jan 14)
    - Re: Timestamp Skew Bill Meier (Jan 14)
    - Re: Timestamp Skew Gianluca Varenni (Jan 14)
    - Re: Timestamp Skew Lee Riemer (Jan 14)
    - Re: Timestamp Skew Gianluca Varenni (Jan 14)
    - Re: Timestamp Skew Lee Riemer (Jan 14)
    - Re: Timestamp Skew Gianluca Varenni (Jan 14)
    - Re: Timestamp Skew Tamás Varga (Jan 15)
    - Re: Timestamp Skew Guy Harris (Jan 15)
    - Re: Timestamp Skew Gianluca Varenni (Jan 15)
    - Re: Timestamp Skew Guy Harris (Jan 15)
    - Re: Timestamp Skew Gianluca Varenni (Jan 15)