
List:       winpcap-users
Subject:    Re: [Winpcap-users] Problems with timestamps
From:       "Gianluca Varenni" <gianluca.varenni () cacetech ! com>
Date:       2009-01-21 1:16:26
Message-ID: 24FBB6640BA746388706799C1821B3CF () nelson2


----- Original Message ----- 
From: "Juha Yli-Penttilä" <juha.yli-penttila@tut.fi>
To: <winpcap-users@winpcap.org>
Sent: Friday, January 16, 2009 6:13 AM
Subject: [Winpcap-users] Problems with timestamps


> Hi all,
>
> I'm doing TCP RTT analysis for an EGPRS connection. I have used Wireshark 
> 1.5 + WinPcap 4.0.2 for capturing the log files, but I encountered some 
> problems regarding timestamps. The problem seems to be in timestamp 
> resolution, that is, multiple packets are captured with the same 
> timestamp. An example:
>
> 613 30.734375
> 614 30.765625
> 615 30.765625
> 616 30.796875
> 617 30.828125
> 618 30.828125
> 619 30.859375
> 620 30.890625
> 621 30.890625
> 622 30.921875
> 623 30.953125
> 624 30.953125
>
> It seems that timestamps are somehow rounded to certain values. That is a 
> problem when calculating RTT estimates, because data segment and 
> acknowledgement may have the same timestamp. I am using Windows XP SP2. 
> As far as I know, the timestamps have been ok in some older Windows OS 
> (maybe 98 or 2000). The timestamps seem to be ok also in Linux. So 
> basically my question is: is there an easy way to change timestamp 
> resolutions in Windows XP? Also, can somebody tell if some other Windows 
> OS (or other WinPcap) version suits my needs better or is the easiest way 
> to just use Linux? Thanks in advance.

The problem affects sniffing all dialup/VPN connections. Packets are 
actually captured by a Microsoft component (NetMon) and timestamped quite 
late in the capture process. For the moment we use timestamps with a 
precision in the order of 10-15ms. I need to look into it and see if it's 
possible to use the native timestamps returned by NetMon.

Have a nice day
GV


>
> PS. I am not so familiar with source code modifications or compiling my 
> own build, so by easy way I mean something else than those. However, if 
> source code modification is needed, instructions are welcome.
>
> -- 
> Juha Yli-Penttilä
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users@winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 
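
Added example, not part of either message and not WinPcap or Wireshark code: a way to measure the timestamp step in a capture like the one quoted above and to bound an RTT sample taken from such timestamps. The input is the frame list from the original message; the function names are hypothetical, and the RTT bound assumes both timestamps are rounded down to the same tick grid.

```python
from decimal import Decimal
from functools import reduce
from math import gcd

# Constructed input: frame numbers and timestamps as quoted in the thread.
FRAMES = [
    (613, "30.734375"), (614, "30.765625"), (615, "30.765625"),
    (616, "30.796875"), (617, "30.828125"), (618, "30.828125"),
    (619, "30.859375"), (620, "30.890625"), (621, "30.890625"),
    (622, "30.921875"), (623, "30.953125"), (624, "30.953125"),
]

def to_us(ts):
    """Parse a decimal-seconds timestamp into integer microseconds (no float error)."""
    return int(Decimal(ts) * 1_000_000)

def observed_step_us(frames):
    """GCD of the non-zero inter-packet deltas. This is an upper bound on the
    clock tick: the real tick is this value or a divisor of it."""
    us = [to_us(ts) for _, ts in frames]
    deltas = [b - a for a, b in zip(us, us[1:]) if b != a]
    return reduce(gcd, deltas) if deltas else None

def shared_timestamps(frames):
    """Map each timestamp carried by more than one frame to those frame numbers."""
    groups = {}
    for num, ts in frames:
        groups.setdefault(ts, []).append(num)
    return {ts: nums for ts, nums in groups.items() if len(nums) > 1}

def rtt_bounds_us(seg_ts, ack_ts, step_us):
    """Range of true RTTs consistent with two timestamps quantized to step_us.
    Assumption: both stamps are rounded down to the same tick grid."""
    d = to_us(ack_ts) - to_us(seg_ts)
    return max(0, d - step_us), d + step_us

if __name__ == "__main__":
    step = observed_step_us(FRAMES)
    print(f"observed step: {step / 1000} ms")
    for ts, nums in shared_timestamps(FRAMES).items():
        print(f"frames {nums} share timestamp {ts}")
    # A segment/ACK pair with identical stamps still has a non-zero RTT range.
    print("RTT bounds 614 -> 615 (us):",
          rtt_bounds_us("30.765625", "30.765625", step))
```

Any RTT sample whose measured value is below the observed step should be reported as a range rather than a point value.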
