1 | initial version |
The timestamps are generated by the capture library (npcap on windows, libpcap on other systems). The path a packet travels before it reaches the capture library can involve some buffers (I bet there are buffers on the USB-RJ45 interface itself, as well as some buffering in the driver for the USB-RJ45 interface). So when a burst of buffered packets pass the capture library, they can end up having the same timestamp.
Also, there are multiple timestamping options in WIndows, there is a trade-off between accuracy and precision. One mode is more accurate, but less precies (it uses 10/15 ms timeticks) and the other one is more precise (microsecond precision IIRC), but it can drift from the system clock a little bit over time. So if you use the "accurate" mode, all packets received in a 10/15 ms interval will get the same timestamp. See also: https://github.com/nmap/npcap/issues/583