Ethereal-users: [Ethereal-users] FW: [WinPcap-bugs] Incorrect packet arrival time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Rajesh Chundi <RChundi@xxxxxxxxxxxxxxxxx>
Date: Fri, 10 May 2002 15:59:35 +0530
Title: FW: [WinPcap-bugs] Incorrect packet arrival time

hi guy and others

loris says the problem is with ethereal cos we didn't find the same problem with windump.

cheers
chundi

-----Original Message-----
From: Loris Degioanni [mailto:loris@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, May 10, 2002 3:25 PM
To: Rajesh Chundi
Cc: winpcap-bugs@xxxxxxxxxxxxxxxxx
Subject: Re: [WinPcap-bugs] Incorrect packet arrival time


So I think that the problem is caused by Ethereal rather than winpcap. You
should report the bug to the ethereal-users@xxxxxxxxxxxx mailing list.

Loris.

----- Original Message -----
From: "Rajesh Chundi" <RChundi@xxxxxxxxxxxxxxxxx>
To: "'Loris Degioanni'" <loris@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, May 07, 2002 4:17 PM
Subject: RE: [WinPcap-bugs] Incorrect packet arrival time


> Hi
>
> it worked well with windump. we got the correct timestamp for all packets.
>
> Cheers
> Chundi
>
> -----Original Message-----
> From: Loris Degioanni [mailto:loris@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, May 07, 2002 4:27 PM
> To: Rajesh Chundi
> Subject: Re: [WinPcap-bugs] Incorrect packet arrival time
>
>
> Hi,
>
> ----- Original Message -----
> From: "Rajesh Chundi" <RChundi@xxxxxxxxxxxxxxxxx>
> To: "'Loris Degioanni'" <loris@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, May 07, 2002 12:32 PM
> Subject: RE: [WinPcap-bugs] Incorrect packet arrival time
>
>
> > Hi Loris
> >
> > It did seem to be really strange cos there is no reason for two different
> > timestamps.
> >
> > It must be related to winpcap - I wrote to ethereal and got the reply I am
> > appending below saying timestamping is at winpcap level. Also, the problem
> > got solved when I downgraded winpcap. I did not change the timezone of PC.
> >
> > I don't have windump on my computer to check it.
>
> You can download it at http://windump.polito.it/install/default.htm.
>
> Loris
>
> > Chundi
> >
> > Ethereal reply
>
> > ------------------------------------------------------------------------------
> > If you are capturing packets with Ethereal, the packet time stamps come
> > from libpcap/WinPcap, as that's the library Ethereal uses to do packet
> > capture.
> >
> > Libpcap (on UNIX) gets time stamps from the OS's packet capture
> > mechanism; WinPcap (on Windows) gets time stamps from the WinPcap
> > driver, which again gets them from the OS.
> >
> > If you are reading a capture file from some other capture program, the
> > timing information comes from wherever that capture program gets it.  If
> > the capture program uses libpcap/WinPcap (as, for example,
> > tcpdump/WinDump does), the answers above apply; otherwise, you'd have to
> > ask the supplier of that capture program.
> >
> > So this is not an Ethereal issue; if the packets are being captured with
> > Ethereal, or some other program using libpcap/WinPcap, you would have to
> >
> > ask whoever supplied the OS, if you are running Ethereal on some
> > UNIX-flavored OS (Linux, {Free,Net,Open}BSD, Darwin/MacOS X,
> > Solaris, HP-UX, AIX, Digital UNIX, IRIX, etc.);
> >
> > ask the winpcap-users mailing list, or submit this as a bug to
> > winpcap-bugs:
> >
> > http://winpcap.polito.it/contact.htm
> >
> > if you are running Ethereal on Windows.
> >
> > Make sure you supply all details to whoever you ask, such as:
> >
> > the version of the kernel you're using, the version of the
> > distribution you're using, and the version of libpcap you're
> > using, if you're running on a Linux distribution;
> >
> > the version of the OS you're using, and the version of libpcap
> > you're using, if you're running on some other UNIX-flavored OS;
> >
> > the version of Windows you're using, and the version of WinPcap
> > you're using, if you're running on Windows.
>
> > ------------------------------------------------------------------------------
> >
> > -----Original Message-----
> > From: Loris Degioanni [mailto:loris@xxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Tuesday, May 07, 2002 1:25 PM
> > To: RChundi@xxxxxxxxxxxxxxxxx
> > Cc: winpcap-bugs@xxxxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [WinPcap-bugs] Incorrect packet arrival time
> >
> >
> > Really strange.
> > The code to gather the timestamps is absolutely identical in the two
> > versions, so I can't explain why your problem happens.
> > Are you sure it's related to winpcap? Did you change the time zone of your
> > PC recently? Does WinDump show the same problem?
> >
> > Loris
> >
> > > Hello guys,
> > >
> > > We are using ethereal 0.9.3 with winpcap 2.3 version to monitor traffic on a
> > > Windows 98 m/c. We are getting erroneous packet arrival time for packets, as
> > > can be seen from the output below. The problem got corrected when I
> > > downgraded winpcap to 2.2.
> > >
> > > Some packets are originating with the correct time (May 6); but some
> > > packets are getting originated with wrong time (May 5).
> > >
> > > The same happens even for consecutive packets with identical source and
> > > destination IP address.
> > >
> > > Where do these packets get the timing info from? Can you please fix the bug?
> > >
> > > All the m/c in the lan are synchronised with NTP.
> > >
> > > Cheers
> > > Chundi
> > >
> > > Appending here with the summary and detailed sample output for the same:
> > >
> > > No. Time                       Source                Destination           Protocol Info
> > >  77 2002-05-06 12:56:33.2219   RCHUNDI               www.ethereal.com      TCP      1594 > 80 [ACK] Seq=10409730 Ack=936392942 Win=8760 Len=0
> > >  78 2002-05-05 04:37:36.5413   www.ethereal.com      RCHUNDI               HTTP     Continuation
> > >  79 2002-05-06 12:56:33.4617   RCHUNDI               www.ethereal.com      TCP      1594 > 80 [ACK] Seq=10409730 Ack=936392942 Win=8760 Len=0
> > >  80 2002-05-05 04:37:36.7404   Enterasy_f4:ee:31     01:80:c2:00:00:00     STP      Conf. TC + Root = 32768/00:01:f4:f3:bb:73  Cost = 0  Port = 0x8031
> > >  81 2002-05-05 04:37:37.1333   www.ethereal.com      RCHUNDI               HTTP     Continuation
> > >  82 2002-05-06 12:56:34.0537   RCHUNDI               www.ethereal.com      TCP      1594 > 80 [ACK] Seq=10409730 Ack=936392942 Win=8760 Len=0
> > >  83 2002-05-05 04:37:37.9624   RCHUNDI               192.168.253.50        ICMP     Echo (ping) request
> > >  84 2002-05-06 12:56:34.8831   192.168.253.50        RCHUNDI               ICMP     Echo (ping) reply
> > >
> > > Frame 77 (66 on wire, 66 captured)
> > >     Arrival Time: May  6, 2002 12:56:33.221986000
> > >     Time delta from previous packet: 116336.920356000 seconds
> > >     Time relative to first packet: 116366.713628000 seconds
> > >     Frame Number: 77
> > >     Packet Length: 66 bytes
> > >     Capture Length: 66 bytes
> > >
> > > Frame 78 (1514 on wire, 1514 captured)
> > >     Arrival Time: May  5, 2002 04:37:36.541329000
> > >     Time delta from previous packet: -116336.680657000 seconds
> > >     Time relative to first packet: 30.032971000 seconds
> > >     Frame Number: 78
> > >     Packet Length: 1514 bytes
> > >     Capture Length: 1514 bytes
> > >
> > > Frame 79 (66 on wire, 66 captured)
> > >     Arrival Time: May  6, 2002 12:56:33.461714000
> > >     Time delta from previous packet: 116336.920385000 seconds
> > >     Time relative to first packet: 116366.953356000 seconds
> > >     Frame Number: 79
> > >     Packet Length: 66 bytes
> > >     Capture Length: 66 bytes
> > >
> > > Frame 80 (60 on wire, 60 captured)
> > >     Arrival Time: May  5, 2002 04:37:36.740496000
> > >     Time delta from previous packet: -116336.721218000 seconds
> > >     Time relative to first packet: 30.232138000 seconds
> > >     Frame Number: 80
> > >     Packet Length: 60 bytes
> > >     Capture Length: 60 bytes
> > >
> > > Frame 81 (1514 on wire, 1514 captured)
> > >     Arrival Time: May  5, 2002 04:37:37.133316000
> > >     Time delta from previous packet: 0.392820000 seconds
> > >     Time relative to first packet: 30.624958000 seconds
> > >     Frame Number: 81
> > >     Packet Length: 1514 bytes
> > >     Capture Length: 1514 bytes
> > >
> > >
> > > Frame 82 (66 on wire, 66 captured)
> > >     Arrival Time: May  6, 2002 12:56:34.053764000
> > >     Time delta from previous packet: 116336.920448000 seconds
> > >     Time relative to first packet: 116367.545406000 seconds
> > >     Frame Number: 82
> > >     Packet Length: 66 bytes
> > >     Capture Length: 66 bytes
> > >
> > > Frame 83 (74 on wire, 74 captured)
> > >     Arrival Time: May  5, 2002 04:37:37.962403000
> > >     Time delta from previous packet: -116336.091361000 seconds
> > >     Time relative to first packet: 31.454045000 seconds
> > >     Frame Number: 83
> > >     Packet Length: 74 bytes
> > >     Capture Length: 74 bytes
> > >
> > > Frame 84 (74 on wire, 74 captured)
> > >     Arrival Time: May  6, 2002 12:56:34.883102000
> > >     Time delta from previous packet: 116336.920699000 seconds
> > >     Time relative to first packet: 116368.374744000 seconds
> > >     Frame Number: 84
> > >     Packet Length: 74 bytes
> > >     Capture Length: 74 bytes
> > >
> > >
> >
>
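
Added example, not part of the original thread: a check that reads the "Arrival Time" lines from the frame details quoted above, flags frames stamped earlier than their predecessor, and separates the frames into the two clock bases the output shows. The function names and the one-hour `jump` threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Frame headers and arrival times copied from the Ethereal output quoted above.
CAPTURE = """
Frame 77 (66 on wire, 66 captured)
    Arrival Time: May  6, 2002 12:56:33.221986000
Frame 78 (1514 on wire, 1514 captured)
    Arrival Time: May  5, 2002 04:37:36.541329000
Frame 79 (66 on wire, 66 captured)
    Arrival Time: May  6, 2002 12:56:33.461714000
Frame 80 (60 on wire, 60 captured)
    Arrival Time: May  5, 2002 04:37:36.740496000
Frame 81 (1514 on wire, 1514 captured)
    Arrival Time: May  5, 2002 04:37:37.133316000
Frame 82 (66 on wire, 66 captured)
    Arrival Time: May  6, 2002 12:56:34.053764000
Frame 83 (74 on wire, 74 captured)
    Arrival Time: May  5, 2002 04:37:37.962403000
Frame 84 (74 on wire, 74 captured)
    Arrival Time: May  6, 2002 12:56:34.883102000
"""
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FRAME = re.compile(r"Frame (\d+) .*?Arrival Time: (\w{3})\s+(\d+), (\d{4}) "
                   r"(\d+):(\d+):(\d+)\.(\d{6})", re.S)

def parse_frames(text):
    """Return [(frame_no, arrival)], truncating nanoseconds to microseconds."""
    return [(int(no), datetime(int(y), MONTHS.index(mon) + 1, int(d),
                               int(h), int(mi), int(s), int(us)))
            for no, mon, d, y, h, mi, s, us in FRAME.findall(text)]

def regressions(frames):
    """(frame_no, delta_seconds) for frames stamped earlier than their predecessor."""
    return [(b[0], (b[1] - a[1]).total_seconds())
            for a, b in zip(frames, frames[1:]) if b[1] < a[1]]

def split_clocks(frames, jump=3600.0):
    """Group frame numbers into two clock bases; `jump` is an assumed threshold."""
    groups, base = {0: [], 1: []}, 0
    for i, (no, ts) in enumerate(frames):
        if i and abs((ts - frames[i - 1][1]).total_seconds()) > jump:
            base ^= 1  # a jump of over an hour either way means the other base
        groups[base].append(no)
    return groups
```

On the quoted capture the regressions fall on frames 78, 80 and 83, and the grouping puts 77, 79, 82, 84 on one base and 78, 80, 81, 83 on the other.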