[Winpcap-users] time drift / Windows

Helmut Vaupotitsch hv at itec-audio.com
Sun Apr 15 21:57:51 PDT 2012


Hi Stuart,
I faced the same problems and i don´t think that anyone is more or less 
accurate after some days.
Since 2 years, i stamp each captured packet by myself (My app runs NPF 
for weeks)

best Regards
Helmut

Stuart Kendrick schrieb:
> So, I have a rough grasp of the trade-offs involved in WinPCap's concept
> of time, mostly from googling for "winpcap, time drift, gianluca
> verenni" and reading the result ... this is an issue which has appeared
> on various lists across the last decade or so ... and at root involves
> some stickiness in the options which Windows offers for tracking time
>
> http://seclists.org/wireshark/2012/Apr/85
> http://seclists.org/wireshark/2010/Aug/311
>
> As far as I can tell, twinking with the Registry as below doesn't help
> -- time still drifts (~30 seconds after two days, in the one test I've
> run), even with TimestampMode set to '2'
>
> Does anyone believe differently?  i.e. is anyone successfully running
> NPF across multiple days with Winpcap time synced to system time within
> a second or so?
>
> HKLM\System\CurrentControlSet\Services\NPF\TimestampMode
>
> Possible values are
> 0 (default) -> Timestamps generated through KeQueryPerformanceCounter, less 
> reliable on SMP/HyperThreading machines, precision = some microseconds
> 2 -> Timestamps generated through KeQuerySystemTime, more reliable on 
> SMP/HyperThreading machines, precision = scheduling quantum (10/15 ms)
> 3 -> Timestamps generated through the i386 instruction RDTSC, less reliable 
> on SMP/HyperThreading/SpeedStep machines, precision = some microseconds
>
>
> Winpcap 4.1.2
> Win7 Enterprise 64 bit
> Wireshark 1.7.1
>
> --sk
>
> Stuart Kendrick
> FHCRC
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>   

-- 
----------------------------------------------------------------
Ing. Helmut Vaupotitsch        Phone:  +43 (0)3133 3780 16
ITEC Tontechnik und            Fax:    +43 (0)3133 3780 9
Industrieelektronik GmbH       E-mail: hv at itec-audio.com
A-8200 Lassnitzthal 300        URL:    http://www.itec-audio.com
----------------------------------------------------------------



More information about the Winpcap-users mailing list