Ask Your Question
0

What kind of HW timestamp is now supported with Wireshark 2.6.0?

asked 2018-05-12 09:38:20 +0000

Christian_R gravatar image

updated 2018-05-12 11:52:27 +0000

Hi, I have read in the Release notes of Wireshark 2.6.0, that Wireshark now supports HW timestamping. What does this mean? HW timestamping of what?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
2

answered 2018-05-12 20:54:10 +0000

Guy Harris gravatar image

It means that if you have:

  • a network adapter that supports time stamping of packet arrival times, so that it will provide a time stamp to the host;
  • a Linux kernel that supports hardware time stamping of packet arrival times and includes a driver for that network adapter that supports hardware time stamping of packet arrival times;
  • a sufficiently recent version of libpcap that, on Linux, supports hardware time stamping of packet arrival times;

Wireshark will provide a UI option that lets you request hardware time stamping of packet arrival times.

Note that the Linux time stamps in question appear to be in units of seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 TAI, not seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC, and not "seconds (and fractions of a second) since the Epoch" (which is not to be confused with seconds that have elapsed since 1970-01-01 00:00:00 UTC, because "seconds since the Epoch" is really "seconds since the Epoch, not counting leap seconds").

That's not noted in any fashion in the capture file, so those values get supplied to the OS's standard time conversion routines, meaning they'll be off from UTC by a few seconds, and may be different from times in packets that don't have hardware time stamps, such as packets sent by the machine running Wireshark, as those use the OS clock which is either seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC or "seconds (and fractions of a second) since the Epoch".

edit flag offensive delete link more

Comments

@Guy Harris Thank you for answer.

So if I understand you right, you mean: Wireshark supports now HW timestamping function for caturing if adapter and driver support this, but only on Linux?

Is the UI option always visible or just in the case, when Wireshark detects that this option is possible for this adpater?

Christian_R gravatar imageChristian_R ( 2018-05-12 21:10:27 +0000 )edit
1

Wireshark supports now HW timestamping function for caturing if adapter and driver support this, but only on Linux?

Adapter, driver, and libpcap; libpcap only supports this on Linux, so Wireshark only supports this on Linux.

Is the UI option always visible or just in the case, when Wireshark detects that this option is possible for this adpater?

The only UI option is a command-line option, and, as the commit comments for the commit that added it say:

commit aca55a29f7b982e7a0bd9911d1d176561c8d7a84
Author: Ahmad Fatoum <[email protected]>
Date:   Mon Aug 7 16:38:52 2017 +0200

    Add hardware timestamping support

    pcap provides a pcap_set_tstamp_type function, which can be used to request
    hardware timestamps from a supporting kernel.

    This patch adds support for aforementioned function as well as two new
    command line options to dumpcap, wireshark and tshark:

        --list-time-stamp-types
                                 List time stamp types supported for the interface
        --time-stamp-type <type>
                                 Change the interface ...
(more)
Guy Harris gravatar imageGuy Harris ( 2018-05-12 21:45:11 +0000 )edit

Thank you! Now I got it.

Christian_R gravatar imageChristian_R ( 2018-05-12 21:56:26 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-12 09:38:20 +0000

Seen: 2,332 times

Last updated: May 12 '18