On Dec 3, 2015, at 2:53 PM, Richard Kinder <rkinder@xxxxxxxxxxxxx> wrote:
> From what I can see, peektagged has no TSF timestamp
The "Peek tagged" format (to use WildPackets^WSavvius's name for it) *does* support TSF time stamps; whether a given capture will have them is another matter.
> (I've yet to . My understanding is airopeek etc. will use hardware timestamps when available, which have much better resolution and accuracy than the TSF.
"Use" for what purpose?
There's "the time the packet arrived", which might be an accurate time stamp from the network adapter or a less-accurate time stamp based on when the software saw the packet, and which should reflect the calendar date and wall clock time at which the packet arrived at some point, and there's the TSF timestamp, which needn't reflect the calendar date and wall-clock time.
pcap and pcapng already support "the time the packet arrived", as do both "Peek classic" and "Peek tagged", and they do so for all link-layer types. "Peek tagged" and pcap/pcapng with radiotap headers support the TSF time stamp; "Peek classic" doesn't.
