Re: Time synchronization for capturing packets

[Graham Bloice <graham.bloice () trihedral com>]

On 25/08/2011 10:30, Bartosz Kiziukiewicz wrote:
> Hi,
>
> I was wondering what would be the best solution for solving following problem.
>
> I'm using two or more separate Windows machines for capturing traffic in a
> few network points.
> The problem is that every machine has a different RTC time (even if the
> difference is a few seconds).
> That complicates the correct correlation of traffic dumps.
>
> What would be the best way to solve it?
>
> I was thinking about some external time synchronization between machines.
> However that would require additional network wiring and a separate NIC to
> do this.
> Also it would require to run some local SNTP software.
> My concern also is that it will not allow a precise enough synchronization
> due to the nature of Windows OS.
>
> As I recall, the timestamp of the pcap packet is given by the WinPcap
> driver, not the Wireshark itself.
>
> Are there any other, better ways to do it?
Windows has built-in facilities to synchronise the time between machines. 
Have a look at what the w32tm executable can do for you:
http://technet.microsoft.com/en-us/library/w32tm%28WS.10%29.aspx

Later versions of windows add more functionality to the command. 

-- 
Regards,

Graham Bloice


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe