On Thu, May 13, 2010 at 04:54:34PM -0700, Phil Paradis wrote:
> I'm not sure about the timestamp issue; all of our capture boxes are
> Windows-based, so I've never really played with a long-running
> capture on Linux.
How long did you have to leave it running before seeing the problem on
Windows? I've left dumpcap running on a Linux box for 5 days, started
a big download, and am seeing minimal time differences. Methodology:
dumpcap -w test.pcap -b filesize:1024 -b files:5 > /dev/null 2>&1 &
# wait 5 days
# kick off big download
tcpdump -nr $(ls -1rt *.pcap|tail -1)|tail -1; date +%H:%M:%S.%N
The delta between the tcpdump and the current date+time is about 10ms
on my box, which is about what it was when I kicked this off 5 days
ago.
Is 5 days long enough to prove that this isn't a problem under Linux,
or does it need to stay longer?
- Morty