Wireshark · Ethereal-users: Re: [Ethereal-users] incorrect packet arrival time.

Ethereal-users: Re: [Ethereal-users] incorrect packet arrival time.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Mon, 6 May 2002 03:20:56 -0700

On Mon, May 06, 2002 at 01:26:19PM +0530, Rajesh Chundi wrote:
> we are getting erroneous packet arrival time for packets, as can be seen
> from the output below:
> 
> Some packets are originating with the correct time ( May 6 ) ; but some
> packet are getting originated with wrong time ( May 5).
> 
> The same happens even for consecutive packets with identical source and
> destination IP address.
> 
> Where do these packets get the timing info from.

If you are capturing packets with Ethereal, the packet time stamps come
from libpcap/WinPcap, as that's the library Ethereal uses to do packet
capture.

Libpcap (on UNIX) gets time stamps from the OS's packet capture
mechanism; WinPcap (on Windows) gets time stamps from the WinPcap
driver, which again gets them from the OS.

If you are reading a capture file from some other capture program, the
timing information comes from wherever that capture program gets it.  If
the capture program uses libpcap/WinPcap (as, for example,
tcpdump/WinDump does), the answers above apply; otherwise, you'd have to
ask the supplier of that capture program.

So this is not an Ethereal issue; if the packets are being captured with
Ethereal, or some other program using libpcap/WinPcap, you would have to

	ask whoever supplied the OS, if you are running Ethereal on some
	UNIX-flavored OS (Linux, {Free,Net,Open}BSD, Darwin/MacOS X,
	Solaris, HP-UX, AIX, Digital UNIX, IRIX, etc.);

	ask the winpcap-users mailing list, or submit this as a bug to
	winpcap-bugs:

		http://winpcap.polito.it/contact.htm

	if you are running Ethereal on Windows.

Make sure you supply all details to whoever you ask, such as:

	the version of the kernel you're using, the version of the
	distribution you're using, and the version of libpcap you're
	using, if you're running on a Linux distribution;

	the version of the OS you're using, and the version of libpcap
	you're using, if you're running on some other UNIX-flavored OS;

	the version of Windows you're using, and the version of WinPcap
	you're using, if you're running on Windows.

References:
- [Ethereal-users] incorrect packet arrival time.
  - From: Rajesh Chundi

Prev by Date: RE: [Ethereal-users] Brand new
Next by Date: Re: [Ethereal-users] Brand new
Previous by thread: [Ethereal-users] incorrect packet arrival time.
Next by thread: [Ethereal-users] richiesta autorizzazione pubblicazione software
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$