Hi everyone, i want to find the transmission time of each packet from respective source to destination in a network. in wire shark there a column named as "Time" which can be configured to show the captured packet time. my doubt is exactly when the wireshark captures the packets is it before the packet reaches to the destination or before it. can i use wireshark for what i am trying to get?? can anyone reading this please help me out Thanks.. asked 29 Sep '14, 00:09  srinivas1117 |
One Answer:
Packet timestamping is done by the packet capturing code on Linux I think it's done in the kernel code(or libpcap) and on Windows by WinPcap.
Not sure what you mean by this, timstamping happens on the server running the capturing program. So if you are using a span/mirror port on the switch the packet is timestanp after it's been copied to the mirroring port and received by the NIC card on the server and passed on to the network stack. Idelly you need to capture on the sending and receiving system and compare the timestamps the accurassy on such an exercise might not be that great say +- 10 ms(ballpark (perhaps)). answered 29 Sep '14, 06:13  Anders ♦ |
