> I know this problem was discussed before on the list (msg: > http://www.tcpdump.org/lists/workers/2001/07/msg00001.html), and we tried > that, but we still have the same problem. Tried what? Using an unmodified libpcap and tcpdump from tcpdump.org, as per my followup to the cited message: http://www.tcpdump.org/lists/workers/2001/07/msg00002.html If so, then, as per the aforementioned followup, the problem is probably in the Linux kernel's time-stamping code. As such, I'd take this up with Red Hat, as it appears not to be a problem with tcpdump.org's libpcap code; the code we use to get the time stamp on Linux is if (ioctl(handle->fd, SIOCGSTAMP, &pcap_header.ts) == -1) { snprintf(handle->errbuf, sizeof(handle->errbuf), "ioctl: %s", pcap_strerror(errno)); return -1; } which pretty much amounts to "Dear Mr. Kernel: please tell me the time stamp of the most recently arrived packet". - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
