Wireshark mailing list archives
Re: Timestamp Skew
From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Thu, 14 Jan 2010 12:48:36 -0800
The problem in your case is *not* due to multiple cores. It's due to NTP.

Have a nice day
GV

--------------------------------------------------
From: "Lee Riemer" <lriemer () bestline net>
Sent: Thursday, January 14, 2010 12:39 PM
To: <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Timestamp Skew

Thanks for the link! I may do this or disable one of the cores.

On 1/14/2010 2:33 PM, Gianluca Varenni wrote:
> Well, you already got an answer from the WinPcap team... I work in the WinPcap team.
>
> If a timestamp precision in the order of some milliseconds is ok for you, then you can switch the timestamping mode to a less precise one that is sync'ed with the system time. You can find details on how to change the timestamping mode in this email:
>
> http://www.winpcap.org/pipermail/winpcap-bugs/2010-January/001153.html
>
> Have a nice day
> GV
>
> --------------------------------------------------
> From: "Lee Riemer" <lriemer () bestline net>
> Sent: Thursday, January 14, 2010 11:28 AM
> To: <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] Timestamp Skew
>
> Thanks all for the info. I'll direct my concerns to the WinPcap group.
>
> On 1/14/2010 12:57 PM, Gianluca Varenni wrote:
>> WinPcap synchronizes with the system time only at the beginning of a capture. More precisely, it syncs when you start a capture only if there are no other captures (on the same adapter or different adapters) running. As a consequence, adjustments to the clock done by NTP are not seen.
>>
>> Have a nice day
>> GV
>>
>> --------------------------------------------------
>> From: "Guy Harris" <guy () alum mit edu>
>> Sent: Thursday, January 14, 2010 10:25 AM
>> To: "Community support list for Wireshark" <wireshark-users () wireshark org>
>> Subject: Re: [Wireshark-users] Timestamp Skew
>>
>> On Jan 14, 2010, at 10:19 AM, Lee Riemer wrote:
>>> The sniffer server is syncing with NTP, and this is also a dual core system. You may be on to something, though. If the box is correcting its skew with NTP, Wireshark might not be if it isn't polling the time for each packet. Anyone know exactly how WS picks the time to stamp?
>>
>> On Windows, it takes it from the information supplied to it by WinPcap, so it's not Wireshark that's picking the time to stamp, it's WinPcap.
>>
>> (On UN*X, it takes it from the information supplied to it by libpcap, which is, on almost all platforms, the time supplied to libpcap by the OS-native packet capture mechanism being used by libpcap.)
>>
>> If none of the WinPcap developers reply here, you might want to report it to them as a bug:
>>
>> http://www.winpcap.org/bugs.htm

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
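
The behaviour described in this thread (capture timestamps anchored to the system time once at capture start and not following later NTP adjustments) can be measured and removed after the fact when a few packets can be paired with a trusted wall-clock time. The following is an added example, not code from the thread or from WinPcap: a least-squares fit of the offset between capture timestamps and reference times. It assumes the drift is linear; the function names and the sample pairs are constructed for illustration.

```python
"""Estimate and remove linear clock drift from capture timestamps.

Assumption (not from the thread): the capture clock was set once at capture
start and then drifted at a constant rate against an NTP-disciplined
reference, so offset(t) = offset0 + rate * (t - t0).
"""
from statistics import fmean


def fit_drift(pairs):
    """pairs: [(capture_ts, reference_ts)] in seconds.

    Returns (t0, offset0, rate): offset = capture - reference, offset0 is the
    offset at t0 (the first capture timestamp), rate is seconds of skew
    gained per second of capture time.
    """
    if len(pairs) < 2:
        raise ValueError("need at least two reference points")
    t0 = pairs[0][0]
    xs = [c - t0 for c, _ in pairs]
    ys = [c - r for c, r in pairs]
    mx, my = fmean(xs), fmean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("reference points must span a time interval")
    rate = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return t0, my - rate * mx, rate


def correct(capture_ts, model):
    """Map a capture timestamp onto the reference timeline."""
    t0, offset0, rate = model
    return capture_ts - (offset0 + rate * (capture_ts - t0))


# Constructed sample: the capture clock starts in sync and gains 50 us per
# second (50 ppm) on the reference; one reference point every 10 minutes.
START = 1263500000.0
SAMPLE = [(START + s * (1 + 50e-6), START + s) for s in (0, 600, 1200, 1800, 2400)]

if __name__ == "__main__":
    model = fit_drift(SAMPLE)
    print("drift: %.1f ppm, initial offset: %.6f s" % (model[2] * 1e6, model[1]))
    late = START + 3600 * (1 + 50e-6)  # packet stamped one hour into the capture
    print("raw skew: %.3f s, residual after correction: %.6f s"
          % (late - (START + 3600), correct(late, model) - (START + 3600)))
```

When correlating a capture with logs from other hosts, apply `correct()` to the packet timestamps before building the timeline, and re-fit if the residuals at the reference points are not close to zero (the drift was then not linear).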
Current thread:
- Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Michael Glenn (Jan 14)
- Re: Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Guy Harris (Jan 14)
- Re: Timestamp Skew Bill Meier (Jan 14)
- Re: Timestamp Skew Gianluca Varenni (Jan 14)
- Re: Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Gianluca Varenni (Jan 14)
- Re: Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Gianluca Varenni (Jan 14)
- Re: Timestamp Skew Tamás Varga (Jan 15)
- Re: Timestamp Skew Guy Harris (Jan 15)
- Re: Timestamp Skew Gianluca Varenni (Jan 15)
- Re: Timestamp Skew Guy Harris (Jan 15)
- Re: Timestamp Skew Gianluca Varenni (Jan 15)
- Re: Timestamp Skew Lee Riemer (Jan 14)
- Re: Timestamp Skew Michael Glenn (Jan 14)