Hi there,
I'm using Wireshark to capture data that I'm receiving via a raw
socket (on linux) in another process (let's call it 'P').
I record the timestamp of each packet P receives, and compare that
with wireshark's timestamp. Wireshark *always* receives the data
~10-30us before P does. But theoretically, they should both be on
equal footing, because wireshark captures the data in the same way as
P (via a raw socket).
Why am I seeing this difference?
- Bryan
--
Bryan Hoyt, Web Development Manager -- Brush Technology
Ph: +64 3 942 7833 Mobile: +64 21 238 7955
Web: brush.co.nz