[Winpcap-users] WinPCAP packets capture delay..

Alimjan Kuramshin alimjankuramshin at gmail.com
Mon Sep 20 08:12:34 PDT 2010


Hello, David! Thanks for reply..

Well, i'm trying to make an ethernet connection between my laptop, it's Asus G1S(Intel Core 2 2.2 Ghz RAM 2Gb, Realtek 8111B/8168B) 
with Windows SP SP3/Windows Vista/Windows7(i've got the same result on the all of them :( )
installed, and my custom device with an ethernet controller. So, when my device send data to the PC, i'm using the Wireshark to
capture incoming stream, and found those delays, using oscilloscope on TX+/- line i don't see any delays between the packets,
everything just fine. And delay is very strange i guess, for example(delays in us): .. .. 45 46 44 48 49 1200 44 48 44 46 49 42 50 1530 ..
and number of 'normal' delay between packets is very vary as delay itself, i can receive 200 packet with delay of 40-60 us and then i've got
huge timeout 1-3 ms, some times much greater, then 1000 packets normal and then again delay, so i can't see no logic with it.
From this point my question is: is it possible to archive stable receive with WinPCAP  during long period of transfer, i mean stable capture interval?! 

Thanks, bye bye..

P.S. i hope u can forgive my miss types and ugly english language and can understand my. And again many many thanks for Your time and answers!!

P.P.S. i'm using winpcap 4.1.2 and wireshark 1.4.0, well, i try many of them :( 

20.09.2010, в 4:06, Fish (David B. Trout) написал(а):

> You’re welcome.
>  
> As to your problem there might not be anything you can do about it. Then again however, there might be some things you can do to reduce the effect. Things like using Windows 7 (with its Timer Coalescing feature) instead of Windows XP. Disabling “SpeedStep” if your system supports it (so as to increase the accuracy of QueryPerformanceCounter which is what WinPCap uses to timestamp all its received packets with). You should also check to make sure you have the latest BIOS version installed too.
>  
> I doubt  it will help any (esp. if you’re using Windows 7 with its Timer Coalescing feature), BUT... you might try using  “timeBeginPeriod” and “timeEndPeriod”, which I’ve heard sometimes increases the accuracy of Windows’s timers.
>  
> Finally, many (if not all) of the issues listed in my post to yulou liu ("About the packets loss, what is the bottleneck?") quite likely apply in your case too. That is to say, if you’re doing using older single-processor hardware using an older version of Windows, etc, then it’s hardly surprising that the timestamps are inconsistent from one another. Windows can only do one thing at a time with only one processor, and even with multiple processors there are bottlenecks involved when you have unnecessary services running and/or unnecessary applications running.
>  
> If you’re truly interested in obtaining the most accurate timings possible I would use dedicated hardware specifically for that purpose (or at the very least a real-time operating system and not a consumer level operating system like Windows).
>  
> Describe your hardware and operating environment again?
> -- 
>   "Fish"  (David B. Trout) 
>     fish at softdevlabs.com
>  
> From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Alimjan Kuramshin
> Sent: Sunday, September 19, 2010 5:46 AM
> To: winpcap-users at winpcap.org
> Subject: Re: [Winpcap-users] WinPCAP packets capture delay..
> Importance: High
>  
>  
> Hi, Devid! Maaany thanks for Your reply. NO, it's just an example MAC's, actually i'm using hardware MAC's. And one more thing, my PC (laptop) connected directly to the other PC (or custom device, it doesn't mater i guess).. 
> Many thanks for Your attention, i've spend about 6-8 month with this problem, and still no luck :(
>  
> 19.09.2010, в 15:25, Fish (David B. Trout) написал(а):
> 
> 
> FYI: be careful with the MAC address you choose.
>  
> Any MAC address with the 0x01 bit on in the first byte is considered an all-stations broadcast.
>  
> Is that what you actually intended to do?  Send 10,000 packets to ALL/every network adapter on your local network??  (if your host has more than one network adapter on the same physical network segment then they’ll both receive every packet.)
>  
> If you need a MAC address to test with, the IANNA has reserved the range 00-00-5E-00-00-00 through 00-00-5E-FF-FF-FF just for that purpose.
>  
> See the section “IANA ETHERNET ADDRESS BLOCK - UNICAST USE” (about 0.75 of the way down the web page) in the following document:
>  
>  http://www.iana.org/assignments/ethernet-numbers
> -- 
>   "Fish"  (David B. Trout) 
>     fish at softdevlabs.com
>  
> From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Alimjan Kuramshin
> Sent: Saturday, September 18, 2010 2:33 PM
> To: winpcap-users at winpcap.org
> Subject: [Winpcap-users] WinPCAP packets capture delay..
> Importance: High
>  
> Hello!
>  
> Gianluca, can u run this code on Your machine and running the Wireshark save the log and send it to me, please..
> Is there any delays, i mean delays between the packets that Wireshark (winpcap) capture?
>  
> P.S. code from WinPcap documentation, sending packets, not one, but 10000 (or 1000000)..
>  
> #include <stdlib.h>
> #include <stdio.h>
>  
> #include <pcap.h>
>  
>  
> void main(int argc, char **argv)
> {
> pcap_t *fp;
> char errbuf[PCAP_ERRBUF_SIZE];
> u_char packet[100];
> int i;
> volatile int n_pkts = 10000; // 1000000
>  
>     /* Check the validity of the command line */
>     if (argc != 2)
>     {
>         printf("usage: %s interface (e.g. 'rpcap://eth0')", argv[0]);
>         return;
>     }
>     
>     /* Open the output device */
>     if ( (fp= pcap_open(argv[1],            // name of the device
>                         65536,                // portion of the packet to capture (only the first 100 bytes)
>                         PCAP_OPENFLAG_PROMISCUOUS,  // promiscuous mode
>                         1000,               // read timeout
>                         NULL,               // authentication on the remote machine
>                         errbuf              // error buffer
>                         ) ) == NULL)
>     {
>         fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", argv[1]);
>         return;
>     }
>  
>     /* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */
>     packet[0]=1;
>     packet[1]=1;
>     packet[2]=1;
>     packet[3]=1;
>     packet[4]=1;
>     packet[5]=1;
>     
>     /* set mac source to 2:2:2:2:2:2 */
>     packet[6]=2;
>     packet[7]=2;
>     packet[8]=2;
>     packet[9]=2;
>     packet[10]=2;
>     packet[11]=2;
>     
>     /* Fill the rest of the packet */
>     for(i=12;i<100;i++)
>     {
>         packet[i]=(u_char)i;
>     }
>  
>     while (n_pkts--)
>     /* Send down the packet */
>     if (pcap_sendpacket(fp, packet, 100 /* size */) != 0)
>     {
>         fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(fp));
>         return;
>     }
>  
>     return;
> }
> /* EOF */
> Thanks, bye..
>  
>  
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>  
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100920/2be09f51/attachment-0001.htm 


More information about the Winpcap-users mailing list