From: Ian Schorr <spamcontrol2@comcast.net>
Sent by: ethereal-users-bounces@xxxxxxxxxxxm
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Network Traversal Time
Date: 03/10/2004 12:26 PM
Please respond to: Ethereal user support <ethereal-users@ethereal.com>

On Mar 9, 2004, at 3:28 PM, sstudsda@xxxxxxxx wrote:
>>
>> Using NTP to sync the capturing stations to a common time source should
>> provide a consistent time for recording timestamps at each point. Of
>> course there could be some minor clock drift, but it should be accurate
>> enough that the drift is not going to have a significant impact on the
>> results.
>>
>I don't particularly like this option (or this as the only option)
>because even with the existence of tools like NTP, host clock
>synchronization can be problematic.
The more I've been thinking about this, the more I like the idea of being
able to specify a time difference manually or if not specified assume the
clocks are "synched".
I was also thinking about my comment on performing a bit for bit comparison
or even a hash of the packet for obtaining a signature of the packet. This
might work for bridged protocols, but would fail miserably with routed
protocols. The other aspect to this would be the possibility of a device,
like a firewall, rewriting the packet headers and changing IP sequence
numbers and such. And then there would be packet fragmentation
possibilities to account for. And I ramble on... =)
>> Hmm, looks like we have found our volunteer. Now he just needs to
>> dust off
>> his C programming books and start reading some source code. =)
>
>Ugh. This requires the volunteer to have spare or dedicated time. If
>we're waiting on me it will probably be 2005+ before this feature
>appears =)
Actually, I was volunteering myself in a not so clear manner. =)
I have some free time to devote to this, but first have to refresh my
programming skills as it has been nearly a decade since I have really used
them (outside of some Perl scripts now and then).
Steve
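
The two ideas in this message (a manual clock offset, and a packet hash that survives routing) can be combined as follows. This is an added example, not code from the thread or from Ethereal. The function names, the choice of SHA-256 and the sample captures are assumptions. It masks only TTL and header checksum, skips fragments, and does not handle a firewall rewriting other header fields.

```python
import hashlib
import struct

def ip_checksum(header):
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(ident, ttl, payload):
    """Constructed sample IPv4 packet (protocol 17), 192.0.2.1 -> 198.51.100.7."""
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                           ttl, 17, csum, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header(ip_checksum(header(0))) + payload

def signature(packet):
    """SHA-256 of the packet with hop-mutable fields zeroed; None for fragments."""
    if struct.unpack("!H", packet[6:8])[0] & 0x3FFF:  # MF set or offset != 0
        return None  # fragments are skipped, not reassembled
    masked = bytearray(packet)
    masked[8] = 0                 # TTL is decremented by every router
    masked[10:12] = b"\x00\x00"   # header checksum is recomputed after that
    return hashlib.sha256(bytes(masked)).hexdigest()

def traversal_times(cap_a, cap_b, offset_b=0.0):
    """Per-packet delay from point A to point B, in seconds.
    offset_b: how far B's clock runs ahead of A's (0.0 = assume synced)."""
    seen_a = {}
    for ts, pkt in cap_a:
        sig = signature(pkt)
        if sig is not None:
            seen_a.setdefault(sig, ts)  # keep first sighting
    delays = []
    for ts, pkt in cap_b:
        sig = signature(pkt)
        if sig in seen_a:
            delays.append(round((ts - offset_b) - seen_a[sig], 6))
    return delays

# Constructed captures: two routers between A and B (TTL 64 -> 62), B's clock 2.5 s ahead.
CAP_A = [(10.000, build_packet(1, 64, b"alpha")), (10.010, build_packet(2, 64, b"beta"))]
CAP_B = [(12.503, build_packet(1, 62, b"alpha")), (12.514, build_packet(2, 62, b"beta"))]

if __name__ == "__main__":
    print(traversal_times(CAP_A, CAP_B, offset_b=2.5))
```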