[Winpcap-users] WinPCAP packets capture delay..
Fish" (David B. Trout
fish at infidels.org
Wed Sep 22 02:10:37 PDT 2010
Alimjan Kuramshin wrote:
(rearranged for clarity)
> David, can You please see this Wireshark log:
> http://www.winpcap.org/pipermail/winpcap-
> users/attachments/20100622/794818cb/attachment-0001.zip
Yes, I can see what you are talking about.
> using Winpcap examples, i've write a small test program,
> when pcap_next_ex return some packet i've send the same
> (or custom packet) back using pcap_sendpacket
Whoa! Stop! Why are you doing that?!
If you are trying to measure the accuracy of WinPCap's timestamp, then you
should just do the following:
1. Send a series of custom packets (using pcap_sendpacket). Each packet
should have a unique "packet number" in its payload (data). This is so you
can uniquely identify each packet.
2. Use oscilloscope to measure and record the exact delay between each
packet on the wire.
3. Capture those same packets on a completely different computer (i.e. a
computer that is NOT the one that is sending them).
4. Use Wireshark to view the timestamp that the receiving (capturing) system
assigned to it.
5. Verify that the same delay(s) seen physically (via your oscilloscope
recording) are the same delays on the captured packets as shown by
Wireshark.
I'm confused why you are sending what you are receiving? You should be
sending on one computer and receiving on another. That's it. Nothing more.
Just send on one computer and capture on another, with the oscilloscope in
between.
What you've written above ("when pcap_next_ex return some packet i've send
the same ... back using pcap_sendpacket") seems to imply you are measuring
something completely different from what I thought you were measuring.
--
"Fish" (David B. Trout)
fish at softdevlabs.com
More information about the Winpcap-users
mailing list