[Winpcap-users] Where does the Winpcap timestamp come from? and others

[John Wang]

Hi All,


I'm now working on a project which needs to to record the captured wireless
packets arrival time precisely. I used Wireshark and CACE adapter before.
But it seems they record the arrival time in microseconds. As Wireshark
doesn't access the hardware directly, it receives the raw data from WinPcap,
so I'm thinking maybe I can get more accurate local timestamp from winPcap
directly

In the document of Winpcap, the NPF records the captured packets, and also
their timestamps. I have several question and looking for help:

1. Where does the NPF get the time information to timestamp these incoming
packet? The time information comes from a onboard timer in the adapter or
from a CPU or similar computer clock?

2. Which function in the NPF or Packet.dll can be used as a trigger to
request CPU timer, like queryperformancecounter (), to timestamp the arrival
packet to obatin higher precision?

3. Is there any performance difference if I request the triger function
through wpcap.dll and packet.dll?

4. Can I reduce the size of the user buffer inside the NPF to set it small
enough to triger the CPU timer to timestamp when every packet is arrival?

Thanks for all your help.

Cheers

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20090501/c4e280d3/attachment.htm