Hi!
I am conducting few experiments to calculate the one-way delay between two
Dell computers running Windows 2000. Both these computers have NTP daemon
installed in them. They are synchronized with respect to three NTP stratum 2
servers maintained by the university. As per my observations, both the
computers are synchronized within 50 ms. (maximum) of the UTC.
Now, I start ethereal on both the machines. I use a modified ping program,
tping, from machine 1 to send ICMP packets to machine 2 and receive the
response back. Once the experiment is over, I use the ethereal captured time
stamps of the packets to calculate one-way forward delay. I get an offset
and a constant skew. In a three hour experiment, the one-way delay increases
from 27 ms. to 130 ms. with a constant slope.
This shows that the time synchronization between the computers (achieved
using NTP) is not being reflected in the time stamps of the captured
packets.
What is happening inside ethereal/WinPCap that is showing this behaviour? Is
this a bug? If yes, is ethereal or WinPCap responsible for this?
In my opinion, ethereal/WinPCap is not using the system time stamp that
reflects the NTP time correction. How can I correct this?
Sincerely,
Aninda
_________________________________________________________________
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
