Wireshark mailing list archives
Re: Raw socket performance
From: kowsik <kowsik () gmail com>
Date: Mon, 28 Jun 2010 17:00:51 -0700
Depends on which process opens the socket first. The kernel copies incoming packets to these "taps" one at a time in sequence. Did you try launching 'P' first before Wireshark?

K.
---
http://www.pcapr.net
http://twitter.com/pcapr
http://labs.mudynamics.com

On Mon, Jun 28, 2010 at 4:49 PM, Bryan Hoyt | Brush Technology <bryan () brush co nz> wrote:
> Hi there,
>
> I'm using Wireshark to capture data that I'm receiving via a raw socket (on linux) in another process (let's call it 'P'). I record the timestamp of each packet P receives, and compare that with wireshark's timestamp.
>
> Wireshark *always* receives the data ~10-30us before P does. But theoretically, they should both be on equal footing, because wireshark captures the data in the same way as P (via a raw socket).
>
> Why am I seeing this difference?
>
> - Bryan
>
> --
> Bryan Hoyt, Web Development Manager -- Brush Technology
> Ph: +64 3 942 7833 Mobile: +64 21 238 7955
> Web: brush.co.nz
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe