Hi Graham,
The problem with the w32time service is that:
- it is only a client, so I still need to synchronize to some external server
- "We do not guarantee and we do not support the accuracy of the W32Time
service between nodes on a network."
A better solution would be to use apps such as OpenNTPD, but it still requires additional setup.
To be frank, the best solution would be to have a Precision Time Protocol server/client built into Wireshark and a magic button "Synchronize between <list-of-machines>".
But I doubt it is available ;-)
--
BR,
Bartosz.
On Thu, 25 Aug 2011 11:56:38 +0200, Graham Bloice
<graham.bloice@xxxxxxxxxxxxx> wrote:
On 25/08/2011 10:30, Bartosz Kiziukiewicz wrote:
Hi,
I was wondering what would be the best solution for solving the following problem.
I'm using two or more separate Windows machines for capturing traffic in a few network points.
The problem is that every machine has a different RTC time (even if the difference is a few seconds).
That complicates the correct correlation of traffic dumps.
What would be the best way to solve it?
I was thinking about some external time synchronization between machines.
However, that would require additional network wiring and a separate NIC to do this.
It would also require running some local SNTP software.
My concern is also that it will not allow precise enough synchronization due to the nature of the Windows OS.
As I recall, the timestamp of the pcap packet is given by the WinPcap driver, not Wireshark itself.
Are there any other, better ways to do it?
Windows has built-in facilities to synchronise the time between machines.
Have a look at what the w32tm executable can do for you:
http://technet.microsoft.com/en-us/library/w32tm%28WS.10%29.aspx
Later versions of Windows add more functionality to the command.