Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Raw socket performance

From: "Bryan Hoyt | Brush Technology" <bryan@xxxxxxxxxxx>
Date: Tue, 29 Jun 2010 11:49:53 +1200
Hi there,

I'm using Wireshark to capture data that I'm receiving via a raw
socket (on linux) in another process (let's call it 'P').

I record the timestamp of each packet P receives, and compare that
with wireshark's timestamp. Wireshark *always* receives the data
~10-30us before P does. But theoretically, they should both be on
equal footing, because wireshark captures the data in the same way as
P (via a raw socket).

Why am I seeing this difference?

 - Bryan

--
Bryan Hoyt, Web Development Manager  --  Brush Technology
Ph: +64 3 942 7833     Mobile: +64 21 238 7955
Web: brush.co.nz