Wireshark · Wireshark-dev: Re: [Wireshark-dev] FW: Accuracy of wireshark

[Jaap Keuter <jaap.keuter@xxxxxxxxx>]

Hi,

I don't know of anyone who has done validation of Wireshark in this regard. Even 
if they did I will be thrown out, because it's the capture engine that 
timestamps the frames, not Wireshark. Please study the design of Wireshark[1]
and WinPcap[2] a little closer to understand the difference.

As of WinPcap, again look into the documents listed[2] (you should have no 
problem reading them), or contact the designers at Riverbed, WinPcap home.

Thanks,
Jaap

[1] http://www.wireshark.org/docs/wsdg_html_chunked/ChWorksOverview.html
[2] http://www.winpcap.org/docs/default.htm


On 10/10/2012 09:41 AM, Marinucci Elisabetta wrote:
> Dear Jaap
> thanks for your answer.
>
> I'd like to add some information to explain better.
> My accuracy can be in ms (I don't need ns) because my requirements are
>
> Delta time<= 150 ms
> Delta time<= 100 ms
> Delta time<= 50 ms
>
> My problem is only to convince other people that Wireshark is a right tool to verify that time requirements are respected.
> Moreover I need to convince them that we can analyze all the packets on the interface with Wireshark and analyze the TCP data field.
>
> Do you have any Test Report or papers you have written containing your results during validation of Wireshark I can use to do this?
>
> Thanks a lot for your help.
>
> Best Regards
>
> Elisabetta Marinucci
>
> Mobile: +39 335 570 9014
> e-mail: elisabetta.marinucci@xxxxxxxxxxxxxx
>
>
> Prima di stampare questa comunicazione consideratene, per favore, l'impatto ambientale
> Please consider the environment before printing this email
>
>
>
> -----Original Message-----
> From: Jaap Keuter [mailto:jaap.keuter@xxxxxxxxx]
> Sent: marted� 9 ottobre 2012 22.12
> To: Developer support list for Wireshark; Marinucci Elisabetta
> Subject: Re: [Wireshark-dev] FW: Accuracy of wireshark
>
> Hi,
>
> If you want to have high precision guaranteed capture then go with a hardware solution. Turbocap would be something I would look at:
> http://www.riverbed.com/us/products/cascade/wireshark_enhancements/turbocap.php
>
> Thanks,
> Jaap
>
>
> On 10/09/2012 11:46 AM, Marinucci Elisabetta wrote:
> > Dear all
> >
> > we'd like to use wireshark tool to validate our network system in
> > terms of packets exchanged and time.
> >
> > We will need to verify that certain packets are exchanged and verify
> > the time between request and response on Ethernet interface on PC with
> > Windows server
> > 2003 syncronized by NTP version 4 with a GPS server.
> >
> > Do you have any Test Report or document that qualify the tool in term
> > of its correct work?
> >
> > Do you have any document or Test Report that demonstrates that
> > wireshark is able to capture all the packets exchanged and to measure
> > the time difference with correct accuracy?
> >
> > Thanks a lot for your help.
> >
> > Best Regards
> >
> > *Elisabetta Marinucci*