Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: clock time trouble capturing TCP traffic over USB interface versus Ethernet one

From: Gilberton Philippe <Philippe.Gilberton () technicolor com>
Date: Tue, 28 Jun 2011 08:59:21 +0200
Thanks, I will check with WinPcap org.

        Philippe

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Guy Harris
Sent: lundi 27 juin 2011 18:44
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] clock time trouble capturing TCP traffic over USB interface versus Ethernet one


On Jun 27, 2011, at 1:56 AM, Gilberton Philippe wrote:


I am currently facing a problem in capturing TCP traffic via a modem 3G connected to the USB port of my Windows XP 
machine. The reference clock time displayed on the column of the captured file is not the same as the one of a 
regular capture file I performed on the Ethernet clock of my PC. For my test bed purpose, I need to work on absolute 
time and not relative one.
To confirm I shifted the PC clock time of 1 hour and the clock time displayed on the column of the captured file 
through USB didn't change while the one captured on the Ethernet interface changed accordingly. By the way I didn't 
figure out which clock is use by Wireshark in case of 3g modem USB interface connection, is it USB clock, 3g modem 
clock?
Is there any way to set Wireshark capturing parameter to force it to use PC clock time instead of USB one?


Wireshark doesn't use any clock; it uses whatever time stamps it gets from WinPcap.

This probably has nothing to do with USB.

It probably has to do with PPP interfaces (such as mobile phone modems) vs. non-PPP interfaces:

        http://www.winpcap.org/misc/faq.htm#Q-5

"Windows 2000/XP (x86)/2003 (x86). these systems have limitations in the NDIS binding process that prevent a protocol 
driver from working properly on WAN adapters. WinPcap 3.1 and newer offer limited support for capturing on dial-up 
adapters using a wrapper over the Microsoft NetMon driver."

Capturing on the Ethernet interface and capturing on PPP interfaces go through different kernel-mode code paths; there 
may be a problem with the code path that goes through the NetMon driver.  You'd have to ask the WinPcap developers for 
details:

        http://www.winpcap.org/contact.htm
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: