[Winpcap-users] Problems with timestamps
Gianluca Varenni
gianluca.varenni at cacetech.com
Wed Jan 21 01:16:26 GMT 2009
----- Original Message -----
From: "Juha Yli-Penttilä" <juha.yli-penttila at tut.fi>
To: <winpcap-users at winpcap.org>
Sent: Friday, January 16, 2009 6:13 AM
Subject: [Winpcap-users] Problems with timestamps
> Hi all,
>
> I'm doing TCP RTT analysis for EGPRS connection. I have used Wireshark
> 1.5 + WinPcap 4.0.2 for capturing the log files, but I encountered some
> problems regarding timestamps. The problem seems to be in timestamp
> resolution, that is, multiple packets are captured with the same
> timestamp. An example:
>
> 613 30.734375
> 614 30.765625
> 615 30.765625
> 616 30.796875
> 617 30.828125
> 618 30.828125
> 619 30.859375
> 620 30.890625
> 621 30.890625
> 622 30.921875
> 623 30.953125
> 624 30.953125
>
> It seems that timestamps are somehow rounded to certain values. That is a
> problem when calculating RTT estimates, because data segment and
> acknowledgement may have the same timestamp. I am using Windows XP SP2.
> As far as I know, the timestamps have been ok in some older Windows OS
> (maybe 98 or 2000). The timestamps seem to be ok also in Linux. So
> basically my question is: is there an easy way to change timestamp
> resolutions in Windows XP? Also, can somebody tell if some other Windows
> OS (or other WinPcap version) suits my needs better or is the easiest way
> to just use Linux? Thanks in advance.

The problem affects sniffing all dialup/VPN connections. Packets are
actually captured by a Microsoft component (NetMon) and timestamped quite
late in the capture process. For the moment we use timestamps with a
precision in the order of 10-15ms. I need to look into it and see if it's
possible to use the native timestamps returned by NetMon.

Have a nice day
GV

>
> PS. I am not so familiar with source code modifications or compiling my
> own build, so by easy way I mean something else than those. However, if
> source code modification is needed, instructions are welcome.
>
> --
> Juha Yli-Penttilä
>
>
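
Added example, not part of the original messages or of WinPcap: a check to run over a capture's timestamps before trusting RTT figures derived from it. It estimates the coarsest step the timestamps advance in, lists frames that share a timestamp with their predecessor, and bounds the RTT implied by two timestamps. The function names are hypothetical, the sample is the frame list quoted in the post, and the round-down model in `rtt_bounds` is an assumption.

```python
from fractions import Fraction
from math import gcd

# (frame number, relative time in seconds) as quoted in the post above.
FRAMES = [
    (613, "30.734375"), (614, "30.765625"), (615, "30.765625"),
    (616, "30.796875"), (617, "30.828125"), (618, "30.828125"),
    (619, "30.859375"), (620, "30.890625"), (621, "30.890625"),
    (622, "30.921875"), (623, "30.953125"), (624, "30.953125"),
]

def observed_step(frames):
    """Largest step that every non-zero timestamp gap is a multiple of.

    The real clock tick may be a divisor of this value. Returns None when
    fewer than two distinct timestamps are present.
    """
    times = sorted({Fraction(t) for _, t in frames})
    step = None
    for a, b in zip(times, times[1:]):
        gap = b - a
        if step is None:
            step = gap
        else:
            # gcd of fractions p/q and r/s is gcd(p*s, r*q) / (q*s)
            step = Fraction(gcd(step.numerator * gap.denominator,
                                gap.numerator * step.denominator),
                            step.denominator * gap.denominator)
    return step

def shared_timestamps(frames):
    """Frame numbers whose timestamp equals the previous frame's."""
    return [n for (_, prev), (n, cur) in zip(frames, frames[1:])
            if Fraction(prev) == Fraction(cur)]

def rtt_bounds(t_data, t_ack, step):
    """Range [low, high) for the RTT between two timestamps, assuming each
    one was rounded down to a multiple of `step` (assumption of this sketch)."""
    d = Fraction(t_ack) - Fraction(t_data)
    return max(Fraction(0), d - step), d + step

if __name__ == "__main__":
    step = observed_step(FRAMES)
    print(f"observed step: {float(step) * 1000:.3f} ms")
    print("frames sharing a timestamp:", shared_timestamps(FRAMES))
    lo, hi = rtt_bounds("30.765625", "30.765625", step)
    print(f"equal timestamps imply RTT in [{float(lo) * 1000:.2f}, "
          f"{float(hi) * 1000:.2f}) ms")
```

Any RTT sample whose measured value is smaller than the observed step carries an uncertainty as large as the measurement itself and is best excluded or reported as a range.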