[Winpcap-users] Re: Where does pcap capturing time come from?

Isara Anantavrasilp isara.a at gmail.com
Tue Aug 29 07:25:02 GMT 2006 

Thanks a lot!
This is exactly what I want to know: the clock.
It is pointless measuring the time from two different sources.
Now, I know which clock I should look at.

Thanks again!
Isara

On 8/29/06, Loris Degioanni <loris.degioanni at cacetech.com> wrote:
> Use QueryPerformanceCounter() from your application.
> On most (if not all) modern Windows kernels, QueryPerformanceCounter
> (and its kernel counterpart KeQueryPerformanceCounter)are essentially a
> call to the rdtsc x86 function, which returns the internal CPU clock
> counter.
>
> QueryPerformanceCounter is safe (and very precise) to use on single
> processor machines (even hyperthreaded or multicore), where you're
> accessing the same counter that the WinPcap driver uses to timestamp the
> packets.
> On SMP systems, the situation is a bit more complicated: you might be
> reading the timestamp of a different CPU that the driver used, and the
> clocks of the two CPUs might be drifting. Again, modern kernel
> implementations try to take care of the drifts and should guarantee a
> reasonable precision, but you'll have to try and see what you get.
>
> Loris
>
>
>
> Isara Anantavrasilp wrote:
> > According to this:
> > http://www.mail-archive.com/winpcap-users@winpcap.polito.it/msg02514.html
> >
> > I learned that pcap called KeQueryPerformanceCounter() to get clock
> > ticks since the system starts.
> > To me, that ticks is more useful than timeval.
> > How can I access the raw cpu time?
> >
> > -- Isara
> >
> > On 8/28/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
> >> Hi,
> >>
> >> There are two questions regarding the topic.
> >> 1) Winpcap gets you the capturing time in pcap_pkthdr. I would like to
> >> know what is the timestamp exactly?
> >> Is it the time when the packet pass through the network interface?
> >> And if so, it is in which network layer?
> >> As pcap can capture ethernet header, I believe this time is the time
> >> where outgoing packet is about to enter physical layer and incoming
> >> packets is about to enter from the physical layer.
> >>
> >>
> >> 2) I ran across this gettimeofday code:
> >> http://www.usenet.com/newsgroups/comp.ai.neural-nets/msg01068.html
> >> Is it the same algorithm as the way pcap got its timestamp?
> >>
> >> Thanks a lot!
> >> Isara Anantavrasilp
> >>
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list