9/6/2023

Time stamp wireshark pcap

FW: FW: Dumpcap timestampdiscrepancy

Phil Paradis Phil.Paradis at

Cool I think that will work for us. We have a hard enough time getting people to tell us what day something happened, much less what time, so a few milliseconds here and there won't cause too many problems. The system logs we need to correlate with have only whole second resolution in any case.

From: winpcap-users-bounces at On Behalf Of Gianluca Varenni
Subject: Re: FW: FW: Dumpcap timestampdiscrepancy

What happens is that the WinPcap driver synchronizes with the system clock when you start the capture, and then uses the timestamps returned by KeQueryPerformanceCounter, which represents the number of 100ns ticks since boot time. Such clock doesn't get resynchronized when your machine synchronizes its clock on the network with NTP or similar systems.

If you accept a timestamp precision in the order of some milliseconds, the workaround is to switch the timestamping mode to the system time, which has a granularity in the order of 10-15 milliseconds. This can be done by modifying a registry key:

HKLM\System\CurrentControlSet\Services\NPF\TimestampMode

* 0 (default) -> Timestamps generated through KeQueryPerformanceCounter, Less reliable on SMP/HyperThreading machines,
* 2 -> Timestamps generated through KeQuerySystemTime, More reliable on SMP/HyperThreading machines, Precision = scheduling quantum (10/15 ms)
* 3 -> Timestamps generated through the i386 instruction RDTSC,
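The behaviour described in the message above, as an added example that is not part of the original thread or of WinPcap's code: a simplified Python model of mode 0 and mode 2 timestamping, showing how a clock correction during a capture leaves mode 0 packet timestamps offset from the system clock that the logs use. The function names, the 15 ms quantum, the rounding-down in mode 2 and the sample clock correction are all assumptions made for the illustration.

```python
# Added illustration: simplified model of the timestamp modes described in the thread.
# All times are integers in 100 ns units so the arithmetic is exact.
from dataclasses import dataclass

TICKS_PER_SEC = 10_000_000
QUANTUM = 15 * TICKS_PER_SEC // 1000  # assumed 15 ms, from the 10-15 ms range quoted


@dataclass(frozen=True)
class ClockStep:
    at: int     # ticks after capture start at which the system clock was corrected
    delta: int  # ticks added to the system clock (negative = clock set back)


def system_time(start_wall, elapsed, steps):
    """System (wall) clock 'elapsed' ticks into the capture, corrections included."""
    return start_wall + elapsed + sum(s.delta for s in steps if s.at <= elapsed)


def stamp_mode0(start_wall, elapsed, steps):
    """Mode 0: wall clock read once at capture start, then counter ticks added.
    Later corrections to the system clock (steps) are never seen."""
    return start_wall + elapsed


def stamp_mode2(start_wall, elapsed, steps, quantum=QUANTUM):
    """Mode 2: system time, modelled here as rounded down to the scheduling quantum."""
    now = system_time(start_wall, elapsed, steps)
    return now - now % quantum


def discrepancy(stamp_fn, start_wall, elapsed, steps):
    """Packet timestamp minus the system clock at the same instant, in ticks."""
    return stamp_fn(start_wall, elapsed, steps) - system_time(start_wall, elapsed, steps)


# Constructed scenario: NTP sets the clock back 250 ms five minutes into the
# capture, and a packet arrives ten minutes in.
START = 1_700_000_000 * TICKS_PER_SEC
STEPS = [ClockStep(at=300 * TICKS_PER_SEC, delta=-(TICKS_PER_SEC // 4))]
PACKET_AT = 600 * TICKS_PER_SEC

if __name__ == "__main__":
    for name, fn in (("mode 0", stamp_mode0), ("mode 2", stamp_mode2)):
        d = discrepancy(fn, START, PACKET_AT, STEPS)
        print(f"{name}: capture timestamp {d * 1000 / TICKS_PER_SEC:+.1f} ms vs system clock")
```

When correlating an existing mode 0 capture with logs, the same arithmetic runs in reverse: subtract the accumulated clock corrections since capture start from each packet timestamp.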