Ask Your Question
0

Why Wireshark shows several SV packages with the same arrival time?

asked 2023-02-02 19:13:57 +0000

Why Wireshark shows several SV packages with the same arrival time using a Windows 11 laptop, with the USB - RJ45 interface

edit retag flag offensive close merge delete

Comments

It is safe to say that we don't know.

My guess however would be that the USB driver gets them all at once from the adapter and that is the timestamp that is relevant for your machine.USB ethernet devices are not on my list of best tools for the job.but sometims you have to go with what you have.

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2023-02-03 06:51:41 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-02-03 13:44:15 +0000

SYN-bit gravatar image

The timestamps are generated by the capture library (npcap on windows, libpcap on other systems). The path a packet travels before it reaches the capture library can involve some buffers (I bet there are buffers on the USB-RJ45 interface itself, as well as some buffering in the driver for the USB-RJ45 interface). So when a burst of buffered packets pass the capture library, they can end up having the same timestamp.

Also, there are multiple timestamping options in WIndows, there is a trade-off between accuracy and precision. One mode is more accurate, but less precies (it uses 10/15 ms timeticks) and the other one is more precise (microsecond precision IIRC), but it can drift from the system clock a little bit over time. So if you use the "accurate" mode, all packets received in a 10/15 ms interval will get the same timestamp. See also: https://github.com/nmap/npcap/issues/583

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-02-02 19:13:57 +0000

Seen: 264 times

Last updated: Feb 03 '23