Wireshark mailing list archives

Re: Raw socket performance


From: kowsik <kowsik () gmail com>
Date: Mon, 28 Jun 2010 17:00:51 -0700

Depends on which process opens the socket first. The kernel copies
incoming packets to these "taps" one at a time in sequence. Did you
try launching 'P' first before Wireshark?

K.
---
http://www.pcapr.net
http://twitter.com/pcapr
http://labs.mudynamics.com

On Mon, Jun 28, 2010 at 4:49 PM, Bryan Hoyt | Brush Technology
<bryan () brush co nz> wrote:
Hi there,

I'm using Wireshark to capture data that I'm receiving via a raw
socket (on Linux) in another process (let's call it 'P').

I record the timestamp of each packet P receives, and compare that
with Wireshark's timestamp. Wireshark *always* receives the data
~10-30us before P does. But theoretically, they should both be on
equal footing, because Wireshark captures the data in the same way as
P (via a raw socket).

Why am I seeing this difference?

 - Bryan

--
Bryan Hoyt, Web Development Manager  --  Brush Technology
Ph: +64 3 942 7833     Mobile: +64 21 238 7955
Web: brush.co.nz
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
