Paula.Doyle wrote:
I'm trying to use Ethereal for a project that requires a high degree of
accuracy. Can anyone tell me where to find information on how accurate
Ethereal timing is at measuring before the protocol stack, and any delays
that it incurs.
The time stamping isn't done by Ethereal, it's done by the packet
capture mechanism Ethereal uses. That mechanism is different on
different OSes, so:
on various UN*Xes, you'd have to ask somebody responsible for the OS
code in question;
on Windows, you'd have to ask the WinPcap developers.
The short answer, however, is "probably not highly accurate". The time
stamping is *not* done by the network adapter in any cases with which
I'm familiar.
For packets received by the machine, it's done some time after the
packet is received. Some OSes might do packet "batching", so that,
instead of configuring the network adapter to interrupt the host for
each packet, they poll the adapter periodically so that they can process
several packets per clock interrupt rather than one packet per
interrupt, so the host won't know the packet was received until the
polling process discovers it. In addition, the packet won't necessarily
be processed until all previously-received packets have been processed,
which adds another delay - and the time stamping doesn't occur as the
very first action when processing the packet, adding another delay.
For packets sent by the machine, the time stamping is done before the
packet is transmitted, as those packets are not received by the machine
sending the packet, they're "wrapped around" internally in the driver or
networking code.