Re: Help with timestamp

["Marcos Paredes Farrera" <mpared () essex ac uk>]

> I infer that your first question there is about packets being
> transmitted by the machine running tcpdump (or another libpcap-based
> application) and the second question is about packets being received
> from that machine.
>
> In the first case, it's assigned whenever the packet is supplied, by the
> networking stack, to whatever piece of code time-stamps the packet;
> that's before the first bit is even put onto the network.

So it means that for delivered packets the timestamp is done at the packet
beginning.

> In the second case, it's assigned whenever the packet is supplied, by
> the device driver or networking stack, to whatever piece of code
> time-stamps the packet; that's after the lat bit is received.

And for received Packets the time stamp is at the packet end.

> In other words, the time stamps aren't extremely precise measurements of
> when the first, or last, bit of the packet was put onto the network; the
> imprecision includes time spent passing the packet through the
> networking code and the driver code, as well as, possibly, through the
> networking card.  It might also, for incoming packets, include interrupt
> latency.

So if we have a tcpdump output with information  of every packet in the
interface, the timestamping is different between the outgoing and incoming
packets in that interface. I really need to confirm that because I've been
some performance test with Instantaneous Throughput and I have noticed that
the way how tcpdump make the timestamping is critical for this analysis and
in the other hand if there is a high traffic the way how is time stamped
become more notorious.

Regards Marcos

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe