[Winpcap-users] WinPCAP packets capture delay..
Fish" (David B. Trout
fish at infidels.org
Sun Sep 19 17:06:27 PDT 2010
You're welcome.
As to your problem there might not be anything you can do about it. Then
again however, there might be some things you can do to reduce the effect.
Things like using Windows 7 (with its Timer Coalescing feature) instead of
Windows XP. Disabling "SpeedStep" if your system supports it (so as to
increase the accuracy of QueryPerformanceCounter which is what WinPCap uses
to timestamp all its received packets with). You should also check to make
sure you have the latest BIOS version installed too.
I doubt it will help any (esp. if you're using Windows 7 with its Timer
Coalescing feature), BUT... you might try using "timeBeginPeriod" and
"timeEndPeriod", which I've heard sometimes increases the accuracy of
Windows's timers.
Finally, many (if not all) of the issues listed in my post to yulou liu
("About the packets loss, what is the bottleneck?") quite likely apply in
your case too. That is to say, if you're doing using older single-processor
hardware using an older version of Windows, etc, then it's hardly surprising
that the timestamps are inconsistent from one another. Windows can only do
one thing at a time with only one processor, and even with multiple
processors there are bottlenecks involved when you have unnecessary services
running and/or unnecessary applications running.
If you're truly interested in obtaining the most accurate timings possible I
would use dedicated hardware specifically for that purpose (or at the very
least a real-time operating system and not a consumer level operating system
like Windows).
Describe your hardware and operating environment again?
--
"Fish" (David B. Trout)
fish at softdevlabs.com
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Alimjan Kuramshin
Sent: Sunday, September 19, 2010 5:46 AM
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] WinPCAP packets capture delay..
Importance: High
Hi, Devid! Maaany thanks for Your reply. NO, it's just an example MAC's,
actually i'm using hardware MAC's. And one more thing, my PC (laptop)
connected directly to the other PC (or custom device, it doesn't mater i
guess)..
Many thanks for Your attention, i've spend about 6-8 month with this
problem, and still no luck :(
19.09.2010, в 15:25, Fish (David B. Trout) написал(а):
FYI: be careful with the MAC address you choose.
Any MAC address with the 0x01 bit on in the first byte is considered an
all-stations broadcast.
Is that what you actually intended to do? Send 10,000 packets to ALL/every
network adapter on your local network?? (if your host has more than one
network adapter on the same physical network segment then they'll both
receive every packet.)
If you need a MAC address to test with, the IANNA has reserved the range
00-00-5E-00-00-00 through 00-00-5E-FF-FF-FF just for that purpose.
See the section "IANA ETHERNET ADDRESS BLOCK - UNICAST USE" (about 0.75 of
the way down the web page) in the following document:
http://www.iana.org/assignments/ethernet-numbers
--
"Fish" (David B. Trout)
fish at softdevlabs.com
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Alimjan Kuramshin
Sent: Saturday, September 18, 2010 2:33 PM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] WinPCAP packets capture delay..
Importance: High
Hello!
Gianluca, can u run this code on Your machine and running the Wireshark save
the log and send it to me, please..
Is there any delays, i mean delays between the packets that Wireshark
(winpcap) capture?
P.S. code from WinPcap documentation, sending packets, not one, but 10000
(or 1000000)..
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
void main(int argc, char **argv)
{
pcap_t
<http://www.winpcap.org/docs/docs_412/html/group__wpcap__def.html#ga4711d025
f83503ce692efa5e45ec60a7> *fp;
char errbuf[PCAP_ERRBUF_SIZE
<http://www.winpcap.org/docs/docs_412/html/group__wpcap__def.html#gacd448353
957d92c98fccc29e1fc8d927> ];
u_char packet[100];
int i;
volatile int n_pkts = 10000; // 1000000
/* Check the validity of the command line */
if (argc != 2)
{
printf("usage: %s interface (e.g. 'rpcap://eth0')", argv[0]);
return;
}
/* Open the output device */
if ( (fp= pcap_open
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga2b64c7b64
90090d1d37088794f1f1791> (argv[1], // name of the device
65536, // portion of the packet to
capture (only the first 100 bytes)
PCAP_OPENFLAG_PROMISCUOUS
<http://www.winpcap.org/docs/docs_412/html/group__remote__open__flags.html#g
a9134ce51a9a6a7d497c3dee5affdc3b9> , // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote
machine
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by
WinPcap\n", argv[1]);
return;
}
/* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */
packet[0]=1;
packet[1]=1;
packet[2]=1;
packet[3]=1;
packet[4]=1;
packet[5]=1;
/* set mac source to 2:2:2:2:2:2 */
packet[6]=2;
packet[7]=2;
packet[8]=2;
packet[9]=2;
packet[10]=2;
packet[11]=2;
/* Fill the rest of the packet */
for(i=12;i<100;i++)
{
packet[i]=(u_char)i;
}
while (n_pkts--)
/* Send down the packet */
if (pcap_sendpacket
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga51dbda0f1
ab9da2cfe49d657486d50b2> (fp, packet, 100 /* size */) != 0)
{
fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga81305cb15
4e4497e95bbb9b708631a3a> (fp));
return;
}
return;
}
/* EOF */
Thanks, bye..
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100919/9e6b2db6/attachment-0001.htm
More information about the Winpcap-users
mailing list