This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

unexplainable time jumps

0

The sniff file has the right timestamp in the file name and on the OS after writing. But in the sniff file ever 20 min. the time jump back. The OS has the right time. There is no NTP how change time or make trouble. Ideas?

asked 06 May '11, 05:46

chofmann's gravatar image

chofmann
1111
accept rate: 0%

Do you know the hardware time source being used by the OS? The TSC time source with some CPU implementations is known to have unacceptable clock drift rates up in the OS...google "hardware time source tsc"

(29 Jul '11, 08:06) ivanh

One Answer:

0

-the DNS-Server work right
-no NTP server installed
-no other program is installed how use the winpcap library
-OS time is right
-latest wireshark and winpcap program is installed

Maybe its a winpcap bug.
A new trace file created with "Mircosoft Network Monitor 3.3" on the same server has no time jumps.
Under specific circumstances this phenomenon appears on a win server.

answered 29 Jul '11, 06:36

chofmann's gravatar image

chofmann
1111
accept rate: 0%

edited 29 Jul '11, 08:22

joke's gravatar image

joke
1.3k4934