Re: [Winpcap-users] time drift / Windows

Sun, 15 Apr 2012 22:17:27 -0700 

Hi Stuart,
I faced the same problems and i donĀ“t think that anyone is more or less accurate after some days. Since 2 years, i stamp each captured packet by myself (My app runs NPF for weeks) 

best Regards
Helmut

Stuart Kendrick schrieb:

So, I have a rough grasp of the trade-offs involved in WinPCap's concept
of time, mostly from googling for "winpcap, time drift, gianluca
verenni" and reading the result ... this is an issue which has appeared
on various lists across the last decade or so ... and at root involves
some stickiness in the options which Windows offers for tracking time

http://seclists.org/wireshark/2012/Apr/85
http://seclists.org/wireshark/2010/Aug/311

As far as I can tell, twinking with the Registry as below doesn't help
-- time still drifts (~30 seconds after two days, in the one test I've
run), even with TimestampMode set to '2'

Does anyone believe differently?  i.e. is anyone successfully running
NPF across multiple days with Winpcap time synced to system time within
a second or so?

HKLM\System\CurrentControlSet\Services\NPF\TimestampMode

Possible values are

0 (default) -> Timestamps generated through KeQueryPerformanceCounter, less 
reliable on SMP/HyperThreading machines, precision = some microseconds
2 -> Timestamps generated through KeQuerySystemTime, more reliable on 
SMP/HyperThreading machines, precision = scheduling quantum (10/15 ms)
3 -> Timestamps generated through the i386 instruction RDTSC, less reliable 
on SMP/HyperThreading/SpeedStep machines, precision = some microseconds



Winpcap 4.1.2
Win7 Enterprise 64 bit
Wireshark 1.7.1

--sk

Stuart Kendrick
FHCRC
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users


  


--
----------------------------------------------------------------
Ing. Helmut Vaupotitsch        Phone:  +43 (0)3133 3780 16
ITEC Tontechnik und            Fax:    +43 (0)3133 3780 9
Industrieelektronik GmbH       E-mail: [email protected]
A-8200 Lassnitzthal 300        URL:    http://www.itec-audio.com
----------------------------------------------------------------

_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users






















					Reply via email to