Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Delta Time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 6 Aug 2002 11:50:18 -0700
On Tue, Aug 06, 2002 at 07:06:29PM +0100, M�nica wrote:
> How can i see, if it's possible to see it,  Delta Time in Ethereal???

What do you mean by "delta time"?  It's a difference between two times -
but *which* times?

Ethereal can, in the summary pane (the first pane, with the list of
packets), display the time stamp as:

	1) the time of day when the packet arrived;

	2) the date and time of day when the packet arrived;

	3) a time, in seconds and fractional seconds, since the first
	   packet in the capture;

	4) a time, in seconds and fractional seconds, since the previous
	   packet in the display. 

If by "delta time" you mean the time between packets in the display,
i.e. item 4 in that list, you'd:

	go to the "Display" menu on the menu bar;

	select "Options";

	in the dislog box that appears, select "Seconds since previous
	frame";

	click "OK".

Ethereal also displays, in the protocol tree pane (the second pane, with
decoded information for the currently-selected packet):

	the time and date when the packet arrived (item 2 above);

	the time delta from the previous packet (item 4 above);

	the time delta from the first packet in the capture (item 3
	above).

Some request-response protocols also display, in the protocol tree for a
reply, the time in seconds and fractional seconds between the request
and the reply.

> How is it measured??'

Ethereal computes it by subtracting the packet time stamps.

The packet time stamps come from the capture file.

The times in the capture file come from whatever mechanism the program
that produced the capture file uses to compute time stamps.  If you're
capturing with Ethereal, the packet capture mechanism probably uses a
combination of the time-of-day clock on the computer on which Ethereal
is running, and whatever form of high-resolution timer the machine has
and the OS supports, to get the time stamp.

The networking code is typically what gets the time stamp on the packet,
so it'll be the time when the networking code sees the packet; if
there's a delay between the packet arriving at the network adapter and
the operating system networking code processing the packet, that means
that the time stamp will *not* be the time at which the packet arrived
at the network adapter.  There is nothing whatsoever Ethereal can do to
change that.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube