[Winpcap-users] time stamp of winpcap
chain one
chainone at gmail.com
Tue Dec 12 06:32:09 GMT 2006
I made some tests on linux and windows and found that the time stamp was not
the exact time the packet arrives.
And also I read some document of winpcap:
1. the NIC brings the packets to memory
2. the NIC driver acknowledges the NIC and disptches the packets to the
upper kernel levels (TCP/IP, WinPcap)
3. *winpcap timestamps the packets*
4. winpcap puts the packets into a buffer
5. winpcap moves the content of the buffer to user level when there's
enough packets in it
So maybe the time stamp is too late to attached to the packet.You can see
the result I got blew
# [send gap] [rcv gap(usermod)][rcv gap(winpcap)]
0 118 81 102 1 117 32 36 2 118 29 22 3 118 30 22 4 119 43 35 5 117 45 41
6 118 174 196 7 119 31 23 8 119 29 21 9 118 29 23 10 118 32 25 11 118 96 101
12 118 30 21 13 119 29 21 14 119 31 23 15 118 28 20 16 118 30 23 17 119 27
21 18 118 29 22 19 117 325 326 20 119 84 86 21 119 31 24 22 117 31 24 23 125
28 22 24 119 42 36 25 118 31 23 26 117 28 21 27 119 43 34 28 117 30 22 29
117 43 47 30 119 31 24 31 117 30 22 32 120 31 23 33 118 41 33 34 119 31 23
35 117 62 113 36 118 59 50 37 119 29 22 38 119 37 29 39 118 38 31 40 118 31
23 41 117 32 24 42 118 58 59 43 118 44 37 44 117 49 46 45 118 34 25 46 119
43 36 47 119 63 68 48 118 38 31 49 119 33 26 50 118 54 46 51 118 39 24 52
119 30 21 53 118 29 22 54 117 31 22 55 118 28 28 56 118 31 22 57 119 50 45
58 118 29 21 59 118 32 26 60 119 48 41 61 119 29 33 62 118 31 23 63 117 28
21 64 118 30 21 65 118 42 37 66 117 34 27 67 118 32 24 68 119 30 20 69 117
35 29 70 119 38 22 71 118 31 24 72 117 32 23 73 117 40 24 74 117 44 25 75
117 45 38 76 118 29 20 77 118 29 23 78 117 32 23 79 118 28 20 80 119 32 22
81 117 159 163 82 118 42 42 83 119 63 119 84 117 78 92 85 117 67 76 86 121
31 26 87 119 32 24 88 117 53 72 89 118 34 27 90 118 33 26 91 119 33 25 92
118 326 326 93 117 47 41 94 117 32 35 95 119 57 47 96 119 92 117 97 118 167
177 98 117 113 123
what's go on on windows network card?
2006/12/12, Gianluca Varenni <gianluca.varenni at cacetech.com>:
>
> The packets are timestamped at kernel level when they are processed by
> the WinPcap kernel driver, so basically when the network card driver
> notifies the upper protocol drivers (like winpcap or tcp/ip) that a packet
> arrived.
>
> Have a nice day
> GV
>
> ----- Original Message -----
> *From:* chain one <chainone at gmail.com>
> *To:* winpcap-users at winpcap.org
> *Sent:* Saturday, December 09, 2006 7:45 AM
> *Subject:* [Winpcap-users] time stamp of winpcap
>
>
> Hello everyone:
> Who can tell me when the time stamp being attached to a
> packet when receiveing a packet?
> Is the stamp stand for the time the packet arrived at the
> net card?(microsecond)
> Is the timestamp generated at the kernel level ?
> Is the timestamp being attached to a packet at the kernel
> level?
>
> ------------------------------
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20061212/d0881193/attachment-0001.htm
More information about the Winpcap-users
mailing list