Wireshark-bugs: [Wireshark-bugs] [Bug 3815] New: Same packet (receiver frame's time < sender fra
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3815
Summary: Same packet (receiver frame's time < sender frame's
time)
Product: Wireshark
Version: 1.2.0
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Critical
Priority: Medium
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: sysem85@xxxxxxxxx
Created an attachment (id=3467)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3467)
Sender & Receiver Captures
Build Information:
C:\Documents and Settings\stanley>tshark -v
NOTE: you should run 'diskperf -y' to enable the disk statistics
TShark 1.0.6 (SVN Rev 27387)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with
Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT Kerberos.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.
Built using Microsoft Visual C++ 6.0 build 8804
C:\Documents and Settings\stanley>
--
My machine is installed two interface cards(one send to another through the
public network),
i use tshark textmode to output the frame.time, ip.id (from the two captures at
the sender interface card and the receiver interface card ) in order to have
some calculations on the forward delay of the packet.
When i am doing so, i find that for the same packet(identified by the ip.id),
the receiver frame.time is less than sender frame.time. Therefore, my
calculated forward delay is negative, which is impossible.
Is it an error for wideshark to capture two interface card at the same time
independently in the same machine. Or else, is there any ways for me to use one
wideshark program to capture two interface card at the same time ?? Thx.
Attached is the .pcap of sender and .pcap of receiver.
Sender (T-shark command)
tshark -r ".pcap" -e ip.id -e frame.time -T fields "(ip.src == 137.189.97.29 &&
ip.dst == 121.203.47.237) &&(tcp.port == 10000 || tcp.port == 20000)"
Receiver ( T-shark command)
tshark -r ".pcap" -e ip.id -e frame.time -T fields "(ip.src == 137.189.97.29 &&
ip.dst == 121.203.47.237) && (tcp.port == 10000 || tcp.port == 20000)"
Result:
Sender
ip.id frame.time
0x4ae8 Apr 6, 2002 13:08:33.692715000
Receiver
ip.id frame.time
0x4ae8 Apr 6, 2002 13:08:33.687500000
Time Difference = -5.215 ms
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.