--------------------------------------------------
From: "Guy Harris" <guy@xxxxxxxxxxxx>
Sent: Friday, January 15, 2010 2:40 PM
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Timestamp Skew
On Jan 14, 2010, at 12:33 PM, Gianluca Varenni wrote:
Well, you already got an answer from the WinPcap team... I work in the
WinPcap team.
If a timestamp precision in the order of some milliseconds is ok for you,
then you can switch the timestamping mode to a less precise one that is
sync'ed with the system time. You can find details on how to change the
timestamping mode in this email:
http://www.winpcap.org/pipermail/winpcap-bugs/2010-January/001153.html
That should perhaps be in the WinPcap FAQ. Using performance counters
could cause not only the failure to get NTP-synced timestamps but also, at
least in mode 3, failures on machines where the CPU isn't running at full
speed, such as
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4249
Does KeQueryPerformanceCounter(), on x86, use RDTSC but compensate for CPU
clock speed changes?
It's not documented, and depends on the version of Windows, the service
pack, and the HAL type... Most of the times it's a non-compensated RDTSC,
however.
GV
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
