Wireshark-users: Re: [Wireshark-users] Time synchronization for capturing packets
From: "Bartosz Kiziukiewicz" <kiziuk@xxxxxxxxx>
Date: Thu, 25 Aug 2011 12:15:43 +0200
The problem with the w32time service is that:
- it is only a client, so I still need to synchronize to some external
- "We do not guarantee and we do not support the accuracy of the W32Time
service between nodes on a network."
The better solution would be to use apps such as OpenNTPD but it still
requires additional setup.
To be frank, the best solution would be to have Precision Time Protocol
server/client built into Wireshark and a magic button "Synchronize
But I doubt it is available ;-)
On Thu, 25 Aug 2011 11:56:38 +0200, Graham Bloice
On 25/08/2011 10:30, Bartosz Kiziukiewicz wrote:
I was wondering what would be the best solution for solving following
I'm using two or more separate Windows machines for capturing traffic
few network points.
The problem is that every machine has a different RTC time (even if the
difference is a few seconds).
That complicates the correct correlation of traffic dumps.
What would be the best way to solve it?
I was thinking about some external time synchronization between
However that would require additional network wiring and a separate NIC
Also, it would require running some local SNTP software.
My concern also is that it will not allow a precise enough
due to the nature of Windows OS.
As I recall, the timestamp of the pcap packet is given by the WinPcap
driver, not Wireshark itself.
Are there any other, better ways to do it?
Windows has built-in facilities to synchronise the time between machines.
Have a look at what the w32tm executable can do for you:
Later versions of Windows add more functionality to the command.