Thanks for the link! I may do this or disable one of the cores.
On 1/14/2010 2:33 PM, Gianluca Varenni wrote:
Well, you already got an answer from the WinPcap team... I work in the
WinPcap team.
If a timestamp precision in the order of some milliseconds is ok for you,
then you can switch the timestamping mode to a less precise one that is
sync'ed with the system time. You can find details on how to change the
timestamping mode in this email:
http://www.winpcap.org/pipermail/winpcap-bugs/2010-January/001153.html
Have a nice day
GV
--------------------------------------------------
From: "Lee Riemer"<lriemer@xxxxxxxxxxxx>
Sent: Thursday, January 14, 2010 11:28 AM
To:<wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Timestamp Skew
Thanks all for the info. I'll direct my concerns to the WinPcap group.
On 1/14/2010 12:57 PM, Gianluca Varenni wrote:
WinPcap synchronizes with the system time only when at the beginning of a
capture. More precisely, it syncs when you start a capture only if there
are
no other captures (on the same adapter or different adapters) running. As
a
consequence, adjustments to the clock done by NTP are not seen.
Have a nice day
GV
--------------------------------------------------
From: "Guy Harris"<guy@xxxxxxxxxxxx>
Sent: Thursday, January 14, 2010 10:25 AM
To: "Community support list for Wireshark"<wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Timestamp Skew
On Jan 14, 2010, at 10:19 AM, Lee Riemer wrote:
The sniffer server is syncing with NTP, and this is also a dual core
system. You may be on to something, though. If the box is correcting
it's skew with NTP, wireshark might not be if it isn't polling the time
for each packet.
Anyone know exactly how WS picks the time to stamp?
On Windows, it takes it from the information supplied to it by WinPcap,
so
it's not Wireshark that's picking the time to stamp, it's WinPcap. (On
UN*X, it takes it from the information supplied to it by libpcap, which
is, on almost all platforms, the time supplied to libpcap by the
OS-native
packet capture mechanism being used by libpcap.)
If none of the WinPcap developers reply here, you might want to report
it
to them as a bug:
http://www.winpcap.org/bugs.htm
___________________________________________________________________________
Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
