Wireshark mailing list archives

Time synchronization for capturing packets


From: "Bartosz Kiziukiewicz" <kiziuk () gmail com>
Date: Thu, 25 Aug 2011 11:30:09 +0200

Hi,

I was wondering what would be the best solution for solving the following problem.

I'm using two or more separate Windows machines for capturing traffic in a few network points. The problem is that every machine has a different RTC time (even if the difference is a few seconds).
That complicates the correct correlation of traffic dumps.

What would be the best way to solve it?

I was thinking about some external time synchronization between machines. However, that would require additional network wiring and a separate NIC to do this.
Also, it would require running some local SNTP software.
My concern also is that it will not allow precise enough synchronization due to the nature of the Windows OS.

As I recall, the timestamp of the pcap packet is given by the WinPcap driver, not Wireshark itself.

Are there any other, better ways to do it?


--
BR,
Bartosz
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users