This Version of tshark and OS were used to capture the traces:
---------------------------------------------------------------------------------
TShark 1.0.5 (SVN Rev 26954)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS,
with
Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos.
Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version
4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.
Built using Microsoft Visual C++ 6.0 build 8804
---------------------------------------------------------------------------------
Regards,
Alex
Ivan Heninger schrieb:
Is your the platform Linux on multi-core CPU ? I think negative time
is possible on some multi-core CPUs depending on the hardware source
for the precision software timer. Use of the TSC source, rather than
the linux default pmtimer, can yield better software performance but
can also lead to a time offset between to cores in the same CPU.
Ivan Heninger
IBM Software Group
Inactive hide details for Sake Blok ---12/29/2008 12:00:54 PM---On
Mon, Dec 29, 2008 at 04:27:44PM +0100, [email protected] Blok
---12/29/2008 12:00:54 PM---On Mon, Dec 29, 2008 at 04:27:44PM +0100,
j.snelders@xxxxxxxxxx wrote:
From:
Sake Blok <sake@xxxxxxxxxx>
To:
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Date:
12/29/2008 12:00 PM
Subject:
Re: [Wireshark-users] Negative Fibre Channel scsi_time values
------------------------------------------------------------------------
On Mon, Dec 29, 2008 at 04:27:44PM +0100, j.snelders@xxxxxxxxxx wrote:
> On Mon, 29 Dec 2008 11:00:37 +0100 Alexandre Aeschbach wrote:
>
> >The thing with the packet numbers you mentioned is a problem too. The
> >traces are not merged or edited.
> >
> >If I do the filtering with tshark I get no results for "scsi.time <
-0.001".
>
> May be you have to use the '.' as the decimal symbol in stead of the ','
> Please take a look at Control Panel -> "Regional Settings and
Language Options"
Well, tshark processes all packets in only one run, so if the command
comes before the response (as Wireshark makes you believe), then it can
not know the (negative) response time yet as it has not seen the request
yet when processing the response. Hence the difference between the
Wireshark and the tshark output...
Now... the main problem is why wireshark thinks these requests and
responses belong together, although they bend the nature of time ;-)
It would help to see the actual capture file instead of just a
screenshot.
HTH,
Cheers,
Sake
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
------------------------------------------------------------------------
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
