THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

What kind of HW timestamp is now supported with Wireshark 2.6.0?

Hi, I have read in the Release notes of Wireshark 2.6.0, that Wireshark now supports HW timestamping. What does this mean? HW timestamping of what?

Christian_R's avatar
2.1k
Christian_R
asked 2018-05-12 09:38:20 +0000, updated 2018-05-12 11:52:27 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

2

It means that if you have:

  • a network adapter that supports time stamping of packet arrival times, so that it will provide a time stamp to the host;
  • a Linux kernel that supports hardware time stamping of packet arrival times and includes a driver for that network adapter that supports hardware time stamping of packet arrival times;
  • a sufficiently recent version of libpcap that, on Linux, supports hardware time stamping of packet arrival times;

Wireshark will provide a UI option that lets you request hardware time stamping of packet arrival times.

Note that the Linux time stamps in question appear to be in units of seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 TAI, not seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC, and not "seconds (and fractions of a second) since the Epoch" (which is not to be confused with seconds that have elapsed since 1970-01-01 00:00:00 UTC, because "seconds since the Epoch" is really "seconds since the Epoch, not counting leap seconds").

That's not noted in any fashion in the capture file, so those values get supplied to the OS's standard time conversion routines, meaning they'll be off from UTC by a few seconds, and may be different from times in packets that don't have hardware time stamps, such as packets sent by the machine running Wireshark, as those use the OS clock which is either seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC or "seconds (and fractions of a second) since the Epoch".

Guy Harris's avatar
19.9k
Guy Harris
answered 2018-05-12 20:54:10 +0000
edit flag offensive 0 remove flag delete link
more

Comments

@Guy Harris Thank you for answer.

So if I understand you right, you mean: Wireshark supports now HW timestamping function for caturing if adapter and driver support this, but only on Linux?

Is the UI option always visible or just in the case, when Wireshark detects that this option is possible for this adpater?

Christian_R's avatar Christian_R (2018-05-12 21:10:27 +0000) edit
more
  • delete
1

Wireshark supports now HW timestamping function for caturing if adapter and driver support this, but only on Linux?

Adapter, driver, and libpcap; libpcap only supports this on Linux, so Wireshark only supports this on Linux.

Is the UI option always visible or just in the case, when Wireshark detects that this option is possible for this adpater?

The only UI option is a command-line option, and, as the commit comments for the commit that added it say:

commit aca55a29f7b982e7a0bd9911d1d176561c8d7a84
Author: Ahmad Fatoum <[email protected]>
Date:   Mon Aug 7 16:38:52 2017 +0200

    Add hardware timestamping support

    pcap provides a pcap_set_tstamp_type function, which can be used to request
    hardware timestamps from a supporting kernel.

    This patch adds support for aforementioned function as well as two new
    command line options to dumpcap, wireshark and tshark:

        --list-time-stamp-types
                                 List time stamp types supported for the interface
        --time-stamp-type <type>
                                 Change the interface ...
(more)
Guy Harris's avatar Guy Harris (2018-05-12 21:45:11 +0000) edit
more
  • delete

Thank you! Now I got it.

Christian_R's avatar Christian_R (2018-05-12 21:56:26 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer