Re: remote capture framework

[Morty <morty+wireshark () frakir org>]

On Thu, May 13, 2010 at 04:54:34PM -0700, Phil Paradis wrote:

> I'm not sure about the timestamp issue; all of our capture boxes are
> Windows-based, so I've never really played with a long-running
> capture on Linux.

How long did you have to leave it running before seeing the problem on
Windows?  I've left dumpcap running on a Linux box for 5 days, started
a big download, and am seeing minimal time differences.  Methodology:

dumpcap -w test.pcap -b filesize:1024 -b files:5 > /dev/null 2>&1 &
# wait 5 days
# kick off big download
tcpdump -nr $(ls -1rt *.pcap|tail -1)|tail -1; date +%H:%M:%S.%N

The delta between the tcpdump and the current date+time is about 10ms
on my box, which is about what it was when I kicked this off 5 days
ago.

Is 5 days long enough to prove that this isn't a problem under Linux,
or does it need to stay longer?

- Morty
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe