Wireshark-dev: Re: [Wireshark-dev] A question about how to improve the time resolutionof ARRIVA
From: "Gianluca Varenni" <[email protected]>
Date: Mon, 19 May 2008 10:04:26 -0700
Packets are not timestamped by Wireshark. They are timestamped by the WinPcap driver. In case of the AirPcap adapters, each packets ships with two timestamps, one generated by the driver (in the bpf/pcap header) and one generated by the hardware within the PPI/radiotap header.
You cannot improve timestamp precision to nanosecond in software, you need to have the hardware timestamp your packets.
Have a nice day
----- Original Message -----
From: John Wang
Sent: Monday, May 19, 2008 9:06 AM
Subject: [Wireshark-dev] A question about how to improve the time resolutionof ARRIVAL TIME?

I'm trying to improve the time accuracy of ARRIVAL TIME which is the time when a wireless frame is captured by Wireshark. In original Wireshark program, the time resolution is micro-second, but I want to improve it to nano-second for special applications.
As what I'm thinking, when a frame is captured by Wireshark through WinPcap, the capture program of Wireshark calls a timer at the same time, and records the value of the timer as the arrival time. So I want to use an Enhanced Timer to instead of the normal timer to record the arrival time. Cause Enhanced Timer can provide a constant, high accuracy time in nano-second, I can improve the time accuracy of Arrival Time to nano-second.
So the key point is to find out which code sections are used to call the timer to record the ARRIVAL TIME. I read the documents, especially README.capture. But seems to me, it's very unclear about the process of the wireless frame capture, it only gives a brief introduction. I have narrowed the searching area to following files, but there are still thousands of lines code need to be read. And things may be worse that what I'm thinking is wrong, actually the code sections calling timer are in other files. If anyone knows the positions of these specific code sections or has some experience, I need your help.
Following is the suspected files:
packet-ieee80211.c   /*I'm going to use Wireshark to capture 802.11 wireless network frames, */
packet-ieee80211.h   /* that's why I specify these two dissector files                                       */
Thanks for your patience to read through this mail. Any suggestions coming from you will  give me great help.

Wireshark-dev mailing list
[email protected]