Re: Wireshark time behind the actual time

[Phil Paradis <Phil.Paradis () unitedtote com>]

FiddlerCap probably just uses the system clock to generate time stamps, rather than the more precise 
KeQueryPerformanceCounter that WinPcap uses by default. If you can live with the 10-15ms precision of the system clock 
in Wireshark, you can always change the TimestampMode value in the registry.

As for the 20 second discrepancy when starting a Wireshark capture, it's possible the driver has already been running 
for quite some time when the capture began. Try stopping the NPF driver and then starting a capture, and see if the 20 
second delay disappears. 

On Aug 20, 2010, at 3:43 PM, Gary Chaulklin wrote:

> I am running a Microsoft tool called FiddlerCap and it does not have any time issues throughout the users session, 
> while Wireshark starts out 20 seconds slow and gets slower as the traces progress.  The user is performing tasks and 
> recording a timeline to the second using the PC's clock.  The PC's clock may not be the issue, maybe the issue is 
> delayed writing of packets???
>  
> The user is running another trace of JAVA activity as well so maybe we are running out of cycles.  But that doesn't 
> seem to explain why the timings in the FiddlerCap trace continue to have accurate times.
>
> <ATT00001..txt>

--
Phillip Paradis / Network Engineer / United Tote
Phone +1 502 509 7445 / Email phillip.paradis () unitedtote com

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe