[Winpcap-users] WinPCAP packets capture delay..

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Sep 21 18:11:26 PDT 2010 

Alimjan,

I've tried the experiment that you posted, and I do see the "strange" delays 
that you are talking about. However, your experiment is not significant in 
the first place. In your test, you are injecting the packets with WinPcap 
itself. So you have no idea if the "strange delay" is introduced by the 
WinPcap transmitter or by the receiver.

Let's step back and analyze the whole issue. Correct me if any of the 
following statements is wrong.

- You have your custom ethernet hardware that is used to generate packets.
- your hardware is able to generate packets at a constant rate, and you can 
prove that the packets are transmitted at a constant rate with an 
oscilloscope.
- when you use a WinPcap-based app (e.g. wireshark) to capture packets, 
every now and then you see something weird in the timestamps. Instead of 
being all equally spaced, every now and then you see a big gap of some 
microseconds. For example you see 40us, 40us..., 10000us, 40us...

Here are my questions/suggestions:
- are you sure that NO packets are dropped on the receiver side?
- when you measure with the oscilloscope, are you 100% sure that you are 
looking at the gap between ALL the packets?
- how are you running your tests? What I would do is the following:
  + have your hardware transmitter generate a fixed number of packets (e.g. 
1 million). Put an incremental counter in every packet.
  + capture the packets with the winpcap-based app, and make sure that ALL 
the packets are received. If you didn't receive 1 million packets, check the 
incremental counter within each packet.
- you say that you encounter this issue on your laptop with XP/Vista/Win7. 
So always the same hardware (and NIC card).
- Do you see the same exact issue with another PC running a totally 
different NIC board (hint: use an intel one, they are extremely reliable in 
my experience)?

Have a nice day
GV






--------------------------------------------------
From: "Alimjan Kuramshin" <alimjankuramshin at gmail.com>
Sent: Tuesday, September 21, 2010 6:52 AM
To: <winpcap-users at winpcap.org>
Subject: Re: [Winpcap-users] WinPCAP packets capture delay..

>
> Hello, David!
>
>> Your oscilloscope is connected to the physical Ethernet cable, correct?
>
> Yes, that is wright.
>
>> By "delay" you mean what? Please define your "delay".
>
> I guess it is my mistake with word of 'delay'. Wireshark can show time 
> since previous packet was capture,
> from the view menu, submenu time format.. So that 'time' has huge spread. 
> And those 'delays' i mean that
> is a time from previous packet to next one and etc.
>
> I've see some post about time stamping problems, so i've try to do the 
> following:
>
> using Winpcap examples, i've write a small test program, when pcap_next_ex 
> return some packet i've send
> the same (or custom packet) back using pcap_sendpacket and using 
> oscilloscope discover that my packets
> on the RX+/- line (TX+/- for PC)  goes with some delays (wright word for 
> now).
> David, can You please see this Wireshark log: 
> http://www.winpcap.org/pipermail/winpcap-users/attachments/20100622/794818cb/attachment-0001.zip
>
> It is just example, i've tried to use some others MAC's and different 
> packets size, the same result :(
>
> With many thanks and best wishes, Alimjan Kuramshin..
>
>
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users

More information about the Winpcap-users mailing list