Wireshark-dev: Re: [Wireshark-dev] A question about how to improve the time resolution of ARRIV
From: "Luis EG Ontanon" <[email protected]>
Date: Mon, 19 May 2008 18:30:13 +0200
To obtain nanosecond (1e-9) precision with a PC running windows is
possible... To  have <1ms (1e-3) variance for timestamps on windows
(and most unices as well) is utopy. AFAIK not even with QNX you can
get close to us (1e-6).

Machines that do capture with ns precision actually do so directly in
the line interfaces, that is the modules they use to capture timestamp
the frames before passing them to the following module(s).

So what you want to do probably requires to modify hardware first.

On Mon, May 19, 2008 at 6:06 PM, John Wang <[email protected]> wrote:
> Hi,
> I'm trying to improve the time accuracy of ARRIVAL TIME which is the time
> when a wireless frame is captured by Wireshark. In original Wireshark
> program, the time resolution is micro-second, but I want to improve it to
> nano-second for special applications.
> As what I'm thinking, when a frame is captured by Wireshark through WinPcap,
> the capture program of Wireshark calls a timer at the same time, and records
> the value of the timer as the arrival time. So I want to use an Enhanced
> Timer to instead of the normal timer to record the arrival time. Cause
> Enhanced Timer can provide a constant, high accuracy time in nano-second, I
> can improve the time accuracy of Arrival Time to nano-second.
> So the key point is to find out which code sections are used to call the
> timer to record the ARRIVAL TIME. I read the documents, especially
> README.capture. But seems to me, it's very unclear about the process of the
> wireless frame capture, it only gives a brief introduction. I have narrowed
> the searching area to following files, but there are still thousands of
> lines code need to be read. And things may be worse that what I'm thinking
> is wrong, actually the code sections calling timer are in other files. If
> anyone knows the positions of these specific code sections or has some
> experience, I need your help.
> Following is the suspected files:
> capture-pcap-util-int.h
> capture-pcap-util.h
> capture-pcap-util.c
> capture-wpcap.c
> capture-wpcap.h
> capture.c
> capture.h
> capture_info.c
> capture_info.h
> capture_opts.c
> capture_opts.h
> packet-ieee80211.c   /*I'm going to use Wireshark to capture 802.11 wireless
> network frames, */
> packet-ieee80211.h   /* that's why I specify these two dissector files
>                                 */
> Thanks for your patience to read through this mail. Any suggestions coming
> from you will  give me great help.
> Cheers
> John
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev

This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan