[Winpcap-bugs] Timestamp negative offset

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Dec 10 09:09:21 PST 2009


Can you please try this:

1. download debugview from 
http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
and run it.

2. On a command line, run a sequence of "net stop npf" and "net start npf".

You should see some output in debugview, please send it to me.

GV

  ----- Original Message ----- 
  From: Daniel Beutler 
  To: 'Gianluca Varenni' ; winpcap-bugs at winpcap.org 
  Sent: Wednesday, December 09, 2009 5:33 PM
  Subject: Re: [Winpcap-bugs] Timestamp negative offset


  The virtual machine host is a windows 2008 server running the VM in Hyper-V.  The Virtual Machine itself has 2 logical processors.

  Thanks,
  Danny

   

  From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com] 
  Sent: Wednesday, December 09, 2009 5:50 PM
  To: Daniel Beutler; winpcap-bugs at winpcap.org
  Subject: Re: [Winpcap-bugs] Timestamp negative offset

   

  Does the VM have more than 1 virtual CPU?

   

  Which virtualization technology do you use?

   

  Have a nice day

  GV

    ----- Original Message ----- 

    From: Daniel Beutler 

    To: winpcap-bugs at winpcap.org 

    Sent: Wednesday, December 09, 2009 11:29 AM

    Subject: [Winpcap-bugs] Timestamp negative offset

     

    WinPcap version 4.1.1

    Windows Server 2003 Service Pack 2

    Network Adapters: Microsoft Virtual Machine Bus Network Adapter (This machine is a VM)

    No special or differentiating networking software is installed on the machine

     

    Problem Description:

    Packet timestamps are incorrect.  As you can see in the attached sniff, the offset from the previous packet is negative for some packets.  I am going to refer to the attached sniff as I explain this so it may help to have it open as you read this. Packet #7 shows a negative offset of 7.917526 seconds from the previous packet. Packet #8 shows a positive offset of 7.988451 from the previous packet.  It seems as if there is a clock which is behind by about 7.95 seconds which some of the packets (#7,10,17,20,21,23,etc.) are getting their timestamp from.  The interesting thing is that this 7.95 second gap widens with system uptime.  For instance, immediately after rebooting the server, the gap was only .007 seconds.  After system had been up for a few days the gap was .73 seconds.  Now, after the server has been up 3 weeks, the gap is almost 8 seconds. When I first noticed the problem the server had been powered on for over a month and the gap was at 12 seconds.  Needless to say, this makes reading the packet capture and calculating response times very difficult.

     

    Please note that this server is a Virtual Machine. 

     

    Thanks,
    Danny Beutler


----------------------------------------------------------------------------

    _______________________________________________
    Winpcap-bugs mailing list
    Winpcap-bugs at winpcap.org
    https://www.winpcap.org/mailman/listinfo/winpcap-bugs



------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-bugs mailing list
  Winpcap-bugs at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20091210/9a0af17b/attachment-0001.htm 


More information about the Winpcap-bugs mailing list