[Winpcap-users] Problems with timestamps
Juha Yli-Penttilä
juha.yli-penttila at tut.fi
Fri Jan 16 14:13:11 GMT 2009
Hi all,
I'm doing TCP RTT analysis for EGPRS connection. I have used Wireshark
1.5 + WinPcap 4.0.2 for capturing the log files, but I encountered
some problems regarding timestamps. The problem seems to be in
timestamp resolution, that is, multiple packets are captured with the
same timestamp. An example:
613 30.734375
614 30.765625
615 30.765625
616 30.796875
617 30.828125
618 30.828125
619 30.859375
620 30.890625
621 30.890625
622 30.921875
623 30.953125
624 30.953125
It seems that timestamps are somehow rounded to certain values. That
is a problem when calculating RTT estimates, because data segment and
acknowledgement may have the same timestamp. I am using Windows XP
SP2. As far as I know, the timestamps have been ok in some older
Windows OS (maybe 98 or 2000). The timestamps seem to be ok also in
Linux. So basically my question is: is there an easy way to change
timestamp resolutions in Windows XP? Also, can somebody tell if some
other Windows OS (or other WinPcap) version suits my needs better or
is the easiest way to just use Linux? Thanks in advance.
PS. I am not so familiar with source code modifications or compiling
my own build, so by easy way I mean something else than those.
However, if source code modification is needed, instructions are
welcome.
--
Juha Yli-Penttilä
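
Added example, not part of the original post: a Python check that measures the effective timestamp step in a capture and lists adjacent frames that share a timestamp, run on the frame numbers and times quoted above. The function names and the +/- one step error bound on a time difference are assumptions of this example.

```python
from decimal import Decimal
from functools import reduce
from math import gcd

# Frame numbers and relative timestamps (seconds) as quoted in the post.
SAMPLE = """\
613 30.734375
614 30.765625
615 30.765625
616 30.796875
617 30.828125
618 30.828125
619 30.859375
620 30.890625
621 30.890625
622 30.921875
623 30.953125
624 30.953125
"""

def parse(text):
    """Parse 'frame seconds' lines into [(frame, microseconds)]; Decimal avoids float error."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            frame, ts = line.split()
            rows.append((int(frame), int(Decimal(ts) * 1_000_000)))
    return rows

def analyse(rows):
    """Return (observed step in us, adjacent frame pairs sharing a timestamp)."""
    pairs = list(zip(rows, rows[1:]))
    deltas = [b[1] - a[1] for a, b in pairs]
    if any(d < 0 for d in deltas):
        raise ValueError("timestamps go backwards; input is not in capture order")
    # GCD of the non-zero gaps: every gap is a whole multiple of this step.
    step_us = reduce(gcd, (d for d in deltas if d), 0)
    collisions = [(a[0], b[0]) for a, b in pairs if a[1] == b[1]]
    return step_us, collisions

def rtt_bounds(rows, first, second, step_us):
    """(low, measured, high) gap in us, assuming each stamp is off by under one step."""
    ts = dict(rows)
    gap = ts[second] - ts[first]
    return max(0, gap - step_us), gap, gap + step_us

if __name__ == "__main__":
    rows = parse(SAMPLE)
    step, same = analyse(rows)
    print(f"observed step: {step} us, colliding pairs: {same}")
    print("bounds for frames 614->615 (us):", rtt_bounds(rows, 614, 615, step))
```

The step computed this way is the largest value that divides every gap in the sample, so the clock's real tick may be a divisor of it; the bounds it gives are therefore conservative.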