On Sat, Jul 21, 2001 at 11:26:24AM +0200, Bernhard Werner wrote:
> Env: linux SuSE 7.2 Kernel 2.4.1
>
> I tried to used ethereal - but I got many packets with the same
> timestamp.
> The max resolution I could see was 0.010000 seconds
> This looks to me like "jiffies" 100Hz instead of gettimeofday() or
> something similar.
>
> Is there a way to get a better timestamp resolution - what am I doing
> wrong?
I suspect what you're doing wrong is using a 2.4.1 kernel.
Ethereal gets its time stamp from libpcap, and libpcap gets its time
stamp from the kernel; neither one of them are in control of the
resolution of the time stamp - they get what the kernel gives them, and
they live with it. (Neither of them get the time stamp with
"gettimeofday()".)
See the following messages:
http://www.tcpdump.org/lists/workers/2001/07/msg00072.html
http://www.tcpdump.org/lists/workers/2001/07/msg00073.html
http://www.tcpdump.org/lists/workers/2001/07/msg00074.html
http://www.tcpdump.org/lists/workers/2001/07/msg00075.html
http://www.tcpdump.org/lists/workers/2001/07/msg00080.html
from the tcpdump-workers mailing list; the last of them, and the one in
the middle, both suggest that later kernels, e.g. 2.4.4 and 2.4.5, may
not have this problem.
