When does Wireshark timestamp captured packets? -


when wireshark timestamp packets? after receiving frame? or @ receiving first bytes of frame? read following description wireshark timestamps text states: "while packets captured, each packet time stamped comes in".

consider following scenario , accurate os time:

sender ----> wireshark ----> receiver

the sender starts transmission of frame @ time x. frame received @ receiver @ time y (y = transmission start x + frame length / link speed). captured frame appear in wireshark timestamp close x or y?

best regards, jonas

well, wireshark doesn't time stamp packets itself; relies on libpcap them and, on operating systems, libpcap doesn't time stamp them itself, either, os's packet capture mechanism, used libpcap does. main exception windows, winpcap has provide own capture mechanism in kernel, atop ndis, mechanism behaves mechanisms inside un*xes, , give similar behavior. (the other exception hp-ux, os's capture mechanism doesn't time-stamp packets @ all, libpcap so; gives answers similar other oses, potentially longer delay before packets time-stamped.)

if wireshark (or other packet sniffer!) run on sender, packets "wrapped around" within os , handed capture mechanism; time stamp applied before sender starts transmitting packet, time stamp closer x y.

if wireshark (or other packet sniffer) run on receiver, time stamp applied @ time after entire packet has been received; involve delays due packet being queued up, interrupts being "batched", amount of network-stack processing being done before packet time stamped, etc.. time stamp closer y x.

if wireshark (or other packet sniffer) being run on third machine, passively sniffing network, time stamp closer y x, there's difference due receiver , sniffer being separate machines might see packet @ different times, have different code paths receiving, etc..


Comments

Post a Comment

Popular posts from this blog

blackberry 10 - how to add multiple markers on the google map just by url? -

i have android application, want convert blackberry 10 , google map needed in app,but blackberry 10 not support googlemap , blackberry developer web site supply way replace it.the sample below: @override public void oncreate(bundle savedinstancestate) { super.oncreate(savedinstancestate); setcontentview(r.layout.main); webview webview = (webview) findviewbyid(r.id.mywebview); webview.getsettings().setjavascriptenabled(true); webview.loadurl("http://maps.google.com/?ll=36.97, -122&lci=bike&z=13&t=p"); } i cannot understand it,i not know how add multiple markers on googlemap via url? can me? this worked me map shown in webview.
Read more

php - guestbook returning database data to flash -

i've been struggling problem long , unable make work, hope can me it. first, know php files correct , mysql database works fine. in flash, able submit comment database comments not display. did many tests such making returned_database flash separately , worked fine - can see old comments. long combine submitting 1 , returning 1 together, flash doesn't show comments more. put lower version flash effects on frame thinking doesn't collaborate returning flash, submitting flash works fine. since pretty complex problem hard me copy actionscript code because on different frames in flash. if has ideas fixing maybe can send file you?
Read more

delphi - Dynamic file type icon -

i want register file type in windows , make program delphi draw icon of file according contents (something custom icon format). how can this? thanks nortd , user539484 comments, searched internet "shell icon handler delphi" , found sample here , , shell+ components has component this.
Read more