[Winpcap-users] wireshark timing issue on server side
Black, Michael (IS)
Michael.Black2 at ngc.com
Tue Mar 1 09:51:42 PST 2011
It says in the link you sent that precision is 10-15 ms.
Sound to me like if the 2nd packet comes in less than 15ms it could be tagged with the same time.
Michael D. Black
Senior Scientist
NG Information Systems
Advanced Analytics Directorate
________________________________________
From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org] on behalf of tfcrowe at eircom.net [tfcrowe at eircom.net]
Sent: Tuesday, December 21, 2010 10:11 AM
To: winpcap-users at winpcap.org
Subject: EXT :[Winpcap-users] wireshark timing issue on server side
Can anyone shed some light on why I'm getting these timestamps which don't seem to make sense ...
Scenario: Client and server windows boxes. Latest wireshark installed on each. Tried simple file upload using filezilla from client to server. Server is a hosted box (probably virtualized environment) but I have taken account of this fix http://www.winpcap.org/pipermail/winpcap-bugs/2010-January/001153.html. Client connection goes out over office lan so I'm assuming wired connection all the way to the server.
Issue: During the FTP setup protocol, the PORT request received on the server has the same timestamp as the previous ftp request ("TYPE A"). How could this be?
More information about the Winpcap-users
mailing list