Packets are not timestamped by Wireshark. They are timestamped by the WinPcap
driver. In case of the AirPcap adapters, each packets ships with two
timestamps, one generated by the driver (in the bpf/pcap header) and one
generated by the hardware within the PPI/radiotap header.
You cannot improve timestamp precision to nanosecond in software, you need to
have the hardware timestamp your packets.
Have a nice day
GV
----- Original Message -----
From: John Wang
To: Developer support list for Wireshark
Sent: Monday, May 19, 2008 9:06 AM
Subject: [Wireshark-dev] A question about how to improve the time
resolutionof ARRIVAL TIME?
Hi,
I'm trying to improve the time accuracy of ARRIVAL TIME which is the time
when a wireless frame is captured by Wireshark. In original Wireshark program,
the time resolution is micro-second, but I want to improve it to nano-second
for special applications.
As what I'm thinking, when a frame is captured by Wireshark through WinPcap,
the capture program of Wireshark calls a timer at the same time, and records
the value of the timer as the arrival time. So I want to use an Enhanced Timer
to instead of the normal timer to record the arrival time. Cause Enhanced Timer
can provide a constant, high accuracy time in nano-second, I can improve the
time accuracy of Arrival Time to nano-second.
So the key point is to find out which code sections are used to call the
timer to record the ARRIVAL TIME. I read the documents, especially
README.capture. But seems to me, it's very unclear about the process of the
wireless frame capture, it only gives a brief introduction. I have narrowed the
searching area to following files, but there are still thousands of lines code
need to be read. And things may be worse that what I'm thinking is wrong,
actually the code sections calling timer are in other files. If anyone knows
the positions of these specific code sections or has some experience, I need
your help.
Following is the suspected files:
capture-pcap-util-int.h
capture-pcap-util.h
capture-pcap-util.c
capture-wpcap.c
capture-wpcap.h
capture.c
capture.h
capture_info.c
capture_info.h
capture_opts.c
capture_opts.h
packet-ieee80211.c /*I'm going to use Wireshark to capture 802.11 wireless
network frames, */
packet-ieee80211.h /* that's why I specify these two dissector files
*/
Thanks for your patience to read through this mail. Any suggestions coming
from you will give me great help.
Cheers
John
------------------------------------------------------------------------------
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
