I'm capturing packets on Linux; why do the time stamps have only 100ms resolution, rather than 1us resolution?


Wireshark gets time stamps from libpcap/WinPcap, and libpcap/WinPcap get them from the OS kernel, so Wireshark – and any other program using libpcap, such as tcpdump – is at the mercy of the time stamping code in the OS for time stamps.

At least on x86-based machines, Linux can get high-resolution time stamps on newer processors with the Time Stamp Counter (TSC) register; for example, Intel x86 processors, starting with the Pentium Pro, and including all x86 processors since then, have had a TSC, and other vendors probably added the TSC at some point to their families of x86 processors. The Linux kernel must be configured with the CONFIG_X86_TSC option enabled in order to use the TSC. Make sure this option is enabled in your kernel.

In addition, some Linux distributions may have bugs in their versions of the kernel that cause packets not to be given high-resolution time stamps even if the TSC is enabled. See, for example, bug 61111 for Red Hat Linux 7.2. If your distribution has a bug
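An added example, not part of the original answer and not code from Wireshark or libpcap: one way to measure the resolution a capture actually has, by reading the time stamps out of a classic pcap file and taking the greatest common divisor of their sub-second fields. The function names and the two sample captures are constructed for illustration.

```python
import math
import struct
from functools import reduce

# Classic pcap magic numbers mapped to (byte order, sub-second units per second).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def timestamp_fractions(data):
    """Return (units_per_second, [sub-second field of every packet record])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, units = MAGICS[data[:4]]
    fractions, offset = [], 24            # 24-byte global header
    while offset + 16 <= len(data):       # 16-byte per-packet record header
        _sec, frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        fractions.append(frac)
        offset += 16 + incl_len           # skip the captured bytes
    return units, fractions

def effective_resolution(data):
    """Largest step, in seconds, that every time stamp is a multiple of.

    Assumes the kernel tick divides one second evenly; a short capture can
    overestimate the step by coincidence, so use many packets.
    """
    units, fractions = timestamp_fractions(data)
    if not fractions:
        raise ValueError("capture contains no packets")
    return reduce(math.gcd, fractions, units) / units

def build_pcap(times_us):
    """Constructed sample: microsecond pcap, one 4-byte dummy packet per time stamp."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in times_us:
        out += struct.pack("<IIII", t // 1_000_000, t % 1_000_000, 4, 4) + b"\x00" * 4
    return out

# Constructed time stamps (microseconds since the epoch), not from a real capture.
COARSE = build_pcap([1_700_000_000_100_000, 1_700_000_000_300_000, 1_700_000_001_000_000])
FINE = build_pcap([1_700_000_000_100_003, 1_700_000_000_300_417, 1_700_000_001_000_250])

if __name__ == "__main__":
    print(effective_resolution(COARSE), effective_resolution(FINE))
```

A result far coarser than the file's nominal unit means the kernel supplied low-resolution time stamps, which limits how finely events from that capture can be ordered in a timeline.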
