Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
incorrect timestamps in pcap's? #129
when using netsniff-ng 0.5.8 like this:
I seem to be getting bad timestamps on packets. The file names seem to have proper values, but the packets themselves appear to be roughly 160 seconds in the future.
as an example (packets are coming in at about 200mbit/sec on this interface at this time):
The machine is NTP sync'd, and the hwclock is correct.
If I use tcpdump to write pcap files, the timestamps are accurate.
if I use netsniff-ng to grab packets from the loopback interface, the timestamps are accurate.
through some testing, it seems that if I disable hardware timestamping in netsniff-ng.c by commenting out these lines:
then the timestamps in pcap's become accurate.
the configure script detects that hw timestamping can be enabled.
I tried just disabling it in the configure script, but the above lines cause a linking error, hence why I commented it out.
I looked around for a way to disable hardware timestamping with ethtool..but could not see a way.
some details about this machine:
Thanks a lot for your report. From what you describe, this looks like a driver/kernel issue to me. I'll try to reproduce this here, but it might take some time as I currently don't have any NIC supporting HW timestamping available.
Meanwhile, I'd suggest adding a command-line option to disable HW timestamping to netsniff-ng. This should then at least work around the problem and might also be beneficial for other users. I'll do implement that some time later today...