> I was wondering as to how trustworthy are the arrival timestamps in
> ethereal for windows (meaning how and when in the frame processing are
> they added and what's their accuracy). How about ethereal for linux?
They're as trustworthy as the timestamps are for any *other* application
using WinPcap (for Windows) or PF_PACKET sockets (for Linux 2.2 and
later).
I.e., Ethereal just uses what the underlying packet capture code (which
isn't part of Ethereal) gives it. You'd have to ask the WinPcap people:
[EMAIL PROTECTED]
about the WinPcap time stamps, and you'd have to ask Linux networking
developers (e.g., ask the linux-net mailing list) about the Linux time
stamps. (For information about Linux mailing lists, see
http://www.linux.org/docs/lists.html
.)
