Re: [tcpdump-workers] Timestamp resolution under Linux better than 10ms?

Sat, 23 Mar 2002 21:46:49 -0800 


Folks,

Maybe I'm missing something, but I'm seeing fairly high resolution
timestamps on my 2.4.16 linux kernel, using my mmap'd version of libpcap.
Here is a sample tcpdump from a relatively high usage time period:

1016743139.674653 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674654 172.16.31.26.41743 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674656 10.1.19.2.37791 > 172.16.31.26.41743: tcp 0 (DF)
1016743139.674657 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674658 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674659 192.168.113.219.12383 > 203.2.218.29.554: tcp 0 (DF)
1016743139.674660 10.1.19.2.37791 > 172.16.31.26.41742: tcp 0 (DF)
1016743139.674661 172.16.31.26.41743 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674662 10.1.19.2.37791 > 172.16.31.26.41743: tcp 0 (DF)
1016743139.674773 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.674775 10.205.234.38.8070 > 192.168.14.10.49436: tcp 1136 (DF)
1016743139.674776 192.168.219.253.1755 > 192.168.84.58.3501: tcp 781 (DF)
1016743139.674777 10.1.19.2.37791 > 172.16.31.26.41742: tcp 0 (DF)
1016743139.674779 10.1.19.2.37791 > 172.16.31.26.41743: tcp 0 (DF)
1016743139.674901 192.168.74.131.2638 > 10.205.228.17.554: tcp 0 (DF)
1016743139.674902 172.16.31.26.41743 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675019 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675021 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675022 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675023 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675024 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675137 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)
1016743139.675139 172.16.31.26.41742 > 10.1.19.2.37791: tcp 1448 (DF)

At this particular time I was seeing 58,655 packets a second on the 
interface, and pcap was telling me that it had processed 58662.  The
discrepancy is due to how I capture these stats.  The interface stats
come from /proc/net/dev, while the processed comes from a counter in
libpcap.  Here is the source of data:

S:1016743139.674653 58662 0 58658 0 58655 55839466 55846901 0 12713 401 0 
000000001.000067

The last field is the difference between two packet times approximately a
second apart.  The first packet being seen at 1016743139.674653 and the
58662 packet being seen at approximately 1016743140.674720.

The kernel was config'd with these relevant entries:

  CONFIG_X86_TSC=y
  CONFIG_PACKET=y
  CONFIG_PACKET_MMAP=y
  CONFIG_FILTER=y

Phil Wood
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to