Raw socket performance

["Bryan Hoyt | Brush Technology" <bryan () brush co nz>]

Hi there,

I'm using Wireshark to capture data that I'm receiving via a raw
socket (on linux) in another process (let's call it 'P').

I record the timestamp of each packet P receives, and compare that
with wireshark's timestamp. Wireshark *always* receives the data
~10-30us before P does. But theoretically, they should both be on
equal footing, because wireshark captures the data in the same way as
P (via a raw socket).

Why am I seeing this difference?

 - Bryan

--
Bryan Hoyt, Web Development Manager  --  Brush Technology
Ph: +64 3 942 7833     Mobile: +64 21 238 7955
Web: brush.co.nz
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe