Ethereal-users: Re: [Ethereal-users] Time display

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 23 Apr 2001 10:16:07 -0700 (PDT)
> The time data displayed as part of the "Frame" section only has a
> resolution to 1ms even though the number of digits displayed would
> indicate that it is accurate to 1 microsecond.

The unit of time stamps in most UNIX packet capture mechanisms, and in
the WinPcap capture mechanism, is one microsecond (time stamps are
supplied as UNIX-style "struct timeval" values, with a count of seconds
since January 1, 1970, 00:00:00 GMT, and a count of microseconds since
the beginning of that second).

However, there's no guarantee that the timer in the OS used by the
packet capture mechanism is actually that precise.  I think most UNIXes,
and possibly Windows NT, have a time variable that's updated once per
clock interrupt, and clock interrupts typically occur once every 1 to 10
milliseconds, I suspect.

On modern hardware, there's typically a high-resolution timer; there
may, in the OS kernel, be a way of reading that timer, and perhaps even
a routine that reads it and combines the result with the time variable
to give a high-precision time stamp.

Whether the packet capture mechanism on the OS in question uses it is
another matter.

In any case, neither Ethereal nor Tethereal nor tcpdump nor... can
extract from the packet capture mechanism time stamps with greater
precision than said mechanism is willing to deliver, so if you want
higher-precision time stamps, you'd have to get whoever supplies the OS
kernel or packet capturing mechanism to use whatever mechanism is
necessary to get it to supply higher-precision time stamps.
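
Added example, not part of the original message: a Python script that reads the seconds/microseconds time stamps out of a classic pcap file and estimates the step the capturing clock really advanced in, as the GCD of the offsets from the first time stamp. The function names and the sample captures are constructed for illustration.

```python
import struct
from functools import reduce
from math import gcd

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap file, microsecond time stamps

def build_sample_pcap(stamps_usec):
    """Constructed sample: little-endian pcap, one 4-byte dummy packet per stamp."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for total in stamps_usec:
        sec, usec = divmod(total, 1_000_000)
        out += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return out

def read_timestamps(data):
    """Return every record's time stamp as integer microseconds since the epoch."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC_USEC:
            break
    else:
        raise ValueError("not a microsecond-resolution classic pcap file")
    stamps, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if usec >= 1_000_000:
            raise ValueError(f"corrupt record header at offset {off}")
        stamps.append(sec * 1_000_000 + usec)
        off += 16 + incl_len
    return stamps

def effective_step_usec(stamps):
    """GCD of the offsets from the first stamp; None if there is nothing to compare.

    A result well above 1 means the values only ever move in steps of that size,
    whatever the six displayed digits suggest. A short capture can overstate it.
    """
    deltas = [abs(t - stamps[0]) for t in stamps[1:] if t != stamps[0]]
    return reduce(gcd, deltas) if deltas else None

if __name__ == "__main__":
    base = 988_046_167 * 1_000_000 + 3_000          # constructed start time
    coarse = [base + d for d in (0, 10_000, 10_000, 30_000, 70_000)]  # 10 ms tick
    fine = [base + d for d in (0, 137, 10_413, 30_001)]               # 1 us clock
    for name, stamps in (("coarse", coarse), ("fine", fine)):
        step = effective_step_usec(read_timestamps(build_sample_pcap(stamps)))
        print(f"{name}: time stamps move in steps of {step} us")
```

When correlating a capture with other logs, treat the reported step as the uncertainty on each packet time rather than trusting the microsecond digits.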