On Wed, Dec 24, 2003 at 10:53:44AM -0500, Dinkar Bhat wrote:
> With this second solution, there still seems to be an issue. I looked at
> the timestamps reported on
> Ethereal and they seem to be upto microsecond precision. Hence, if my
> clock is high precision,
> can Ethereal report any better than microseconds?
Ethereal gets the time stamps from the capture file. The standard
format it uses for its own captures is libpcap (tcpdump) format, which
stores time stamps in seconds-and-microseconds.
It might be possible to
1) have the tool doing the packet capturing store it in some
format that happens to support higher-resolution time stamps
and
2) add support for that format to Ethereal (if it doesn't
already support it), and modify the Wiretap code in Ethereal
to supply seconds/nanoseconds time stamps (which should
probably include changes not to use Wiretap when Ethereal is
capturing, so it doesn't convert the seconds/microseconds
time stamps libpcap supplies to seconds/nanoseconds time
stamps to hand to Wiretap and then have Wiretap convert back
to seconds/microseconds when writing the file).
1), however, requires that you be able to get the higher-resolution time
stamps from the OS. I don't know of any OS (other than AIX) whose
native OS capture mechanism supplies seconds/nanoseconds packet time
stamps.
