0

i'm capturing network packets( a transport stream) along with its arrival time using winpcap library. But I'm facing some issues.Whenever I play audio on my machine or copy a large file from network, the timing information of my captured packets gets distorted.Some packets timestamp are very close to each other while others are a bit far.Is there any solution (software/hardware) to rectify this.I need accurate timestamping of network packets.

Ashish
  • 11
  • 4

1 Answers1

0

You could raise the process priority of the capture application to High using the Task Manager.

But you really need to consider what you are trying to achieve and why. Do you want to know when the packet arrives at the NIC, when it is processed by the kernel, when the kernel places it in the capture program's socket buffer, when the capture program reads it out of its buffer, when the kernel places it in some other programs socket buffer, or when some other program reads it from its socket buffer?

All those time stamps are different, and when the system is under load the differences will necessarily become larger. Timing information from capture program will most likely reflect that time when the capture program read the packet out of its own socket buffer. Increasing the capture application's process priority will make that happen more smoothly, but it will make the handling of packets by any other applications less reliable.

Seth Noble
  • 3,233
  • 19
  • 31
  • Does raising process priority works on windows? I tried this before but felt as if its working same behavior as with normal processes. Anyways I need the timestamp when packet arrives at NIC.Currently I use winpcap which I guess gives the timestamp when application reads the packet form its own socket buffer.Is there any way to get the timestamp at NIC – Ashish Jun 07 '12 at 05:53
  • Raising the priority "works" in the sense that it does raise the priority. That affects performance when multiple processes are contending for the same resources. You mentioned having problems when multiple processes are running, so that might help. The NIC operates independent of the CPU and system clock. There is no way to know exactly when it does anything. You might be able to look up the typical delay for your brand of NIC. But unless the driver specifically supports time stamping, the best you can know from user-space is when a packet is read from the socket and estimate from that. – Seth Noble Jun 07 '12 at 14:20