Wireshark mailing list archives
Time synchronization for capturing packets
From: "Bartosz Kiziukiewicz" <kiziuk () gmail com>
Date: Thu, 25 Aug 2011 11:30:09 +0200
Hi,
I was wondering what would be the best solution for solving the following problem.
I'm using two or more separate Windows machines for capturing traffic in a few network points. The problem is that every machine has a different RTC time (even if the difference is a few seconds).
That complicates the correct correlation of traffic dumps. What would be the best way to solve it?
I was thinking about some external time synchronization between machines. However, that would require additional network wiring and a separate NIC to do this.
Also, it would require running some local SNTP software.
My concern also is that it will not allow a precise enough synchronization due to the nature of the Windows OS.
As I recall, the timestamp of the pcap packet is given by the WinPcap driver, not Wireshark itself.
Are there any other, better ways to do it?
--
BR,
Bartosz