[Winpcap-users] Re: Where does pcap capturing time come from?
Isara Anantavrasilp
isara.a at gmail.com
Wed Aug 30 07:40:11 GMT 2006
I would like to know one more thing,
after Pcap got the tick counts from KeQueryPerformanceCounter, how
does it convert to "current time"?
I need to implement exactly like it to make my comparison make sense.
-- Isara
On 8/29/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
> Thanks a lot!
> This is exactly what I want to know: the clock.
> It is pointless measuring the time from two different sources.
> Now, I know which clock I should look at.
>
> Thanks again!
> Isara
>
> On 8/29/06, Loris Degioanni <loris.degioanni at cacetech.com> wrote:
> > Use QueryPerformanceCounter() from your application.
> > On most (if not all) modern Windows kernels, QueryPerformanceCounter
> > (and its kernel counterpart KeQueryPerformanceCounter)are essentially a
> > call to the rdtsc x86 function, which returns the internal CPU clock
> > counter.
> >
> > QueryPerformanceCounter is safe (and very precise) to use on single
> > processor machines (even hyperthreaded or multicore), where you're
> > accessing the same counter that the WinPcap driver uses to timestamp the
> > packets.
> > On SMP systems, the situation is a bit more complicated: you might be
> > reading the timestamp of a different CPU that the driver used, and the
> > clocks of the two CPUs might be drifting. Again, modern kernel
> > implementations try to take care of the drifts and should guarantee a
> > reasonable precision, but you'll have to try and see what you get.
> >
> > Loris
> >
> >
> >
> > Isara Anantavrasilp wrote:
> > > According to this:
> > > http://www.mail-archive.com/winpcap-users@winpcap.polito.it/msg02514.html
> > >
> > > I learned that pcap called KeQueryPerformanceCounter() to get clock
> > > ticks since the system starts.
> > > To me, that ticks is more useful than timeval.
> > > How can I access the raw cpu time?
> > >
> > > -- Isara
> > >
> > > On 8/28/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
> > >> Hi,
> > >>
> > >> There are two questions regarding the topic.
> > >> 1) Winpcap gets you the capturing time in pcap_pkthdr. I would like to
> > >> know what is the timestamp exactly?
> > >> Is it the time when the packet pass through the network interface?
> > >> And if so, it is in which network layer?
> > >> As pcap can capture ethernet header, I believe this time is the time
> > >> where outgoing packet is about to enter physical layer and incoming
> > >> packets is about to enter from the physical layer.
> > >>
> > >>
> > >> 2) I ran across this gettimeofday code:
> > >> http://www.usenet.com/newsgroups/comp.ai.neural-nets/msg01068.html
> > >> Is it the same algorithm as the way pcap got its timestamp?
> > >>
> > >> Thanks a lot!
> > >> Isara Anantavrasilp
> > >>
> > > _______________________________________________
> > > Winpcap-users mailing list
> > > Winpcap-users at winpcap.org
> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
> > >
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
>
More information about the Winpcap-users
mailing list