Hi,
I was wondering what would be the best solution for solving the following
problem.
I'm using two or more separate Windows machines for capturing traffic in a
few network points.
The problem is that every machine has a different RTC time (even if the
difference is a few seconds).
That complicates the correct correlation of traffic dumps.
What would be the best way to solve it?
I was thinking about some external time synchronization between machines.
However, that would require additional network wiring and a separate NIC to
do this.
Also, it would require running some local SNTP software.
My concern also is that it will not allow a precise enough synchronization
due to the nature of Windows OS.
As I recall, the timestamp of the pcap packet is given by the WinPcap
driver, not Wireshark itself.
Are there any other, better ways to do it?
--
BR,
Bartosz