[Winpcap-users] Re: Where does pcap capturing time come from?

Loris Degioanni loris.degioanni at cacetech.com
Tue Aug 29 05:31:49 GMT 2006


Use QueryPerformanceCounter() from your application.
On most (if not all) modern Windows kernels, QueryPerformanceCounter 
(and its kernel counterpart KeQueryPerformanceCounter) are essentially a 
call to the rdtsc x86 function, which returns the internal CPU clock 
counter.

QueryPerformanceCounter is safe (and very precise) to use on single 
processor machines (even hyperthreaded or multicore), where you're 
accessing the same counter that the WinPcap driver uses to timestamp the 
packets.
On SMP systems, the situation is a bit more complicated: you might be 
reading the timestamp of a different CPU than the driver used, and the 
clocks of the two CPUs might be drifting. Again, modern kernel 
implementations try to take care of the drifts and should guarantee a 
reasonable precision, but you'll have to try and see what you get.

Loris



Isara Anantavrasilp wrote:
> According to this:
> http://www.mail-archive.com/winpcap-users@winpcap.polito.it/msg02514.html
> 
> I learned that pcap called KeQueryPerformanceCounter() to get clock
> ticks since the system starts.
> To me, those ticks are more useful than timeval.
> How can I access the raw cpu time?
> 
> -- Isara
> 
> On 8/28/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
>> Hi,
>>
>> There are two questions regarding the topic.
>> 1) Winpcap gets you the capturing time in pcap_pkthdr. I would like to
>> know what the timestamp is exactly.
>> Is it the time when the packet passes through the network interface?
>> And if so, in which network layer is it?
>> As pcap can capture the ethernet header, I believe this time is the time
>> when an outgoing packet is about to enter the physical layer and an incoming
>> packet is about to enter from the physical layer.
>>
>>
>> 2) I ran across this gettimeofday code:
>> http://www.usenet.com/newsgroups/comp.ai.neural-nets/msg01068.html
>> Is it the same algorithm as the way pcap got its timestamp?
>>
>> Thanks a lot!
>> Isara Anantavrasilp
>>


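Added example (not part of the original message and not WinPcap code): reading the counter as described in the reply above and converting raw ticks into seconds and microseconds, the same split as the timeval in pcap_pkthdr. The names tick_time, ticks_to_time and elapsed_usec are made up for this example, and the non-Windows sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Seconds and microseconds, the same split as the timeval in pcap_pkthdr. */
struct tick_time { int64_t sec; int32_t usec; };

/* Convert a raw counter reading to sec/usec using the counter frequency (Hz).
 * Whole seconds are divided out first: ticks * 1000000 would overflow 64 bits
 * on a machine with a GHz-rate counter and a long uptime. */
static int ticks_to_time(int64_t ticks, int64_t freq, struct tick_time *out)
{
    if (out == NULL || freq <= 0 || ticks < 0)
        return -1;
    out->sec  = ticks / freq;
    out->usec = (int32_t)(((ticks % freq) * 1000000) / freq);
    return 0;
}

/* Microseconds between two readings; -1 if the counter appears to have run
 * backwards, as can happen when the readings come from drifting CPUs. */
static int64_t elapsed_usec(int64_t start, int64_t end, int64_t freq)
{
    struct tick_time d;
    if (end < start || ticks_to_time(end - start, freq, &d) != 0)
        return -1;
    return d.sec * 1000000 + d.usec;
}

int main(void)
{
    struct tick_time t;
#ifdef _WIN32
    LARGE_INTEGER f, n;
    QueryPerformanceFrequency(&f);   /* ticks per second */
    QueryPerformanceCounter(&n);     /* raw tick count */
    int64_t freq = f.QuadPart, now = n.QuadPart;
#else
    /* Constructed sample values so the conversion also runs off Windows. */
    int64_t freq = 10000000, now = 123456789012LL;
#endif
    if (ticks_to_time(now, freq, &t) != 0)
        return 1;
    printf("%lld.%06d s since the counter started\n", (long long)t.sec, (int)t.usec);
    return 0;
}
```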