The WinPcap driver is not dispatched as a thread, at the end of the story it's mainly interrupt driven.
Have a nice day GV From: "Fish" (David B. Trout) Sent: Monday, September 20, 2010 7:49 PM To: [email protected] Subject: Re: [Winpcap-users] WinPCAP packets capture delay.. Yes, you are correct. Adjusting "timeBeginPeriod" does not affect QueryPerformanceCounter, but since it does affect task dispatching (apparently) I thought setting it to a lower value might help to cause tasks (including the WinPCap device diver (NPF.sys)) to be dispatched more quickly (i.e. with less delay). I have no idea what delay/precision Alimjan is referring to. -- "Fish" (David B. Trout) [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Gianluca Varenni Sent: Monday, September 20, 2010 4:49 PM To: [email protected] Subject: Re: [Winpcap-users] WinPCAP packets capture delay.. Importance: High Timer coalescing/timeBeginPeriod in practice change the scheduling quantum from 10-15ms (depending on the specific windows version) to around 1ms and does not affect QueryPerformanceCounter (which is not based on that timer). What is the timestamp precision and delay that we are talking about? Have a nice day GV From: "Fish" (David B. Trout) Sent: Sunday, September 19, 2010 5:06 PM To: [email protected] Subject: Re: [Winpcap-users] WinPCAP packets capture delay.. You're welcome. As to your problem there might not be anything you can do about it. Then again however, there might be some things you can do to reduce the effect. Things like using Windows 7 (with its Timer Coalescing feature) instead of Windows XP. Disabling "SpeedStep" if your system supports it (so as to increase the accuracy of QueryPerformanceCounter which is what WinPCap uses to timestamp all its received packets with). You should also check to make sure you have the latest BIOS version installed too. I doubt it will help any (esp. if you're using Windows 7 with its Timer Coalescing feature), BUT... you might try using "timeBeginPeriod" and "timeEndPeriod", which I've heard sometimes increases the accuracy of Windows's timers. Finally, many (if not all) of the issues listed in my post to yulou liu ("About the packets loss, what is the bottleneck?") quite likely apply in your case too. That is to say, if you're doing using older single-processor hardware using an older version of Windows, etc, then it's hardly surprising that the timestamps are inconsistent from one another. Windows can only do one thing at a time with only one processor, and even with multiple processors there are bottlenecks involved when you have unnecessary services running and/or unnecessary applications running. If you're truly interested in obtaining the most accurate timings possible I would use dedicated hardware specifically for that purpose (or at the very least a real-time operating system and not a consumer level operating system like Windows). Describe your hardware and operating environment again? -- "Fish" (David B. Trout) [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Alimjan Kuramshin Sent: Sunday, September 19, 2010 5:46 AM To: [email protected] Subject: Re: [Winpcap-users] WinPCAP packets capture delay.. Importance: High Hi, Devid! Maaany thanks for Your reply. NO, it's just an example MAC's, actually i'm using hardware MAC's. And one more thing, my PC (laptop) connected directly to the other PC (or custom device, it doesn't mater i guess).. Many thanks for Your attention, i've spend about 6-8 month with this problem, and still no luck :( 19.09.2010, в 15:25, Fish (David B. Trout) написал(а): FYI: be careful with the MAC address you choose. Any MAC address with the 0x01 bit on in the first byte is considered an all-stations broadcast. Is that what you actually intended to do? Send 10,000 packets to ALL/every network adapter on your local network?? (if your host has more than one network adapter on the same physical network segment then they'll both receive every packet.) If you need a MAC address to test with, the IANNA has reserved the range 00-00-5E-00-00-00 through 00-00-5E-FF-FF-FF just for that purpose. See the section "IANA ETHERNET ADDRESS BLOCK - UNICAST USE" (about 0.75 of the way down the web page) in the following document: http://www.iana.org/assignments/ethernet-numbers -- "Fish" (David B. Trout) [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Alimjan Kuramshin Sent: Saturday, September 18, 2010 2:33 PM To: [email protected] Subject: [Winpcap-users] WinPCAP packets capture delay.. Importance: High Hello! Gianluca, can u run this code on Your machine and running the Wireshark save the log and send it to me, please.. Is there any delays, i mean delays between the packets that Wireshark (winpcap) capture? P.S. code from WinPcap documentation, sending packets, not one, but 10000 (or 1000000).. #include <stdlib.h>#include <stdio.h> #include <pcap.h> void main(int argc, char **argv){pcap_t *fp;char errbuf[PCAP_ERRBUF_SIZE];u_char packet[100];int i;volatile int n_pkts = 10000; // 1000000 /* Check the validity of the command line */ if (argc != 2) { printf("usage: %s interface (e.g. 'rpcap://eth0')", argv[0]); return; } /* Open the output device */ if ( (fp= pcap_open(argv[1], // name of the device 65536, // portion of the packet to capture (only the first 100 bytes) PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", argv[1]); return; } /* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */ packet[0]=1; packet[1]=1; packet[2]=1; packet[3]=1; packet[4]=1; packet[5]=1; /* set mac source to 2:2:2:2:2:2 */ packet[6]=2; packet[7]=2; packet[8]=2; packet[9]=2; packet[10]=2; packet[11]=2; /* Fill the rest of the packet */ for(i=12;i<100;i++) { packet[i]=(u_char)i; } while (n_pkts--) /* Send down the packet */ if (pcap_sendpacket(fp, packet, 100 /* size */) != 0) { fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(fp)); return; } return;}/* EOF */Thanks, bye.. _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users -------------------------------------------------------------------------------- _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users -------------------------------------------------------------------------------- _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
_______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
