vaibhav_kaware@xxxxxxxxxxxxxxxx wrote:
Hi,
isn't it true that a packet is timestamped/captured when it
comes to the machine on which a packet sniffer is installed?

See http://www.wireshark.org/docs/wsug_html_chunked/ChAdvTimestamps.html

So, if the desired destination and the machine on which the
sniffer is installed are not the same,
then the timestamp on the packet may not be the same as
the timestamp at the desired destination's machine.

Yes.

e.g.
So, if machine A records network traffic, then the timestamp on
a packet, sent by some X within the network to another server S
outside the network, as captured/recorded by machine A, is what
timestamp? What time will it signify?

The time when it arrived at machine X (or better when the kernel on
machine X timestamped it).

Q2. Is there any way of knowing the timestamp of the packet at
the source?
i.e., is it possible to know the time at which a particular
packet left the source machine?

Running a second sniffer on the source machine, with *very accurate*
synchronised times between sniffers.
However, I don't know a way to do this.
Regards, ULFL
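
What the two-sniffer comparison discussed above looks like in practice, as an added example that is not part of the original thread: it parses two classic libpcap files, matches frames by hash, and reports sniffer-minus-source timestamp deltas. The capture bytes and all names are constructed, and it assumes both captures see byte-identical frames; each delta is transit delay plus the clock offset between the two machines, so it is only meaningful when the clocks are synchronised.

```python
import hashlib
import struct
from statistics import median

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def build_pcap(records):
    """Build a little-endian classic pcap from (ts_sec, ts_usec, frame) tuples."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Return {sha256(frame): capture timestamp in microseconds} per record."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC_USEC:
        raise ValueError("not a little-endian microsecond pcap")
    stamps, off = {}, 24  # 24-byte global header precedes the records
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        if len(frame) < incl:
            break  # truncated final record
        stamps.setdefault(hashlib.sha256(frame).digest(), sec * 1_000_000 + usec)
        off += 16 + incl
    return stamps

def capture_deltas(source_pcap, sniffer_pcap):
    """Sorted (sniffer stamp - source stamp) in microseconds for frames in both."""
    src, snf = read_pcap(source_pcap), read_pcap(sniffer_pcap)
    return sorted(snf[k] - src[k] for k in src.keys() & snf.keys())

# Constructed sample: three frames captured on X; A sees two of them plus one other.
FRAMES = [b"constructed-frame-%d" % i for i in range(4)]
ON_X = build_pcap([(1000, 100, FRAMES[0]), (1000, 900, FRAMES[1]), (1001, 0, FRAMES[2])])
ON_A = build_pcap([(1000, 350, FRAMES[0]), (1000, 999_990, FRAMES[3]), (1001, 260, FRAMES[2])])

def summary():
    d = capture_deltas(ON_X, ON_A)
    return {"matched": len(d), "min_us": d[0], "median_us": median(d), "max_us": d[-1]}

if __name__ == "__main__":
    print(summary())
```

A delta that drifts steadily over a long capture points at clock skew between the two machines rather than network delay.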