cardigliano
commented
5 years ago @FOSquare please note that packets are buffered by the adapter (there is a small fifo ranging from 4K to 32K buffers on Intel adapters, according to the model) before being delivered to n2disk (or to the kernel if you are using standard drivers). Precision in this case is usually in the order of usec, thus it happens to get what you see. If you need the exact timestamp with nsec precision, you need to use an adapter with hardware timestamps.
FOSquare
The timestamp of the packet are not accuarate enough.
when i check the captured file. I found a lot of the packet have the same tiemstamp. I think it is not correct.
since the packet length is 1440-byte, the NIC bandwidht is 10Gb/s. the interval between two packts are at least 1440*8/10 = 1.152 us. However, below is the timestamps of a group of 12 countiuous packets. The packet length are all 1440-byte.
09:47:42:960246 09:47:42:001590 09:47:42:001592 09:47:42:001592 09:47:42:001592 09:47:42:001593 09:47:42:001593 09:47:42:001593 09:47:42:001594 09:47:42:001594 09:47:42:001595 09:47:42:001595
3 packets are stamped with the same timestamp. which mean in 1us, three packets are sent. which is not correct.
I search from the internet. https://www.elvidence.com.au/understanding-time-stamps-in-packet-capture-data-pcap-files/ they talk about the timestamp accuracy. It says:
The accuracy of a timestamp depends on many factors including the performance of the system used to capture packets, its operating system, configuration, and more.
"On a Microsoft Windows computer the WinPCAP library is synced with the computer clock only at the beginning of the packet capture. As a result, timestamps and the system time may differ by a few seconds or milliseconds under heavy system load, high CPU utilisation or prolonged packet captures.
On Linux and most POSIX systems where libpcap is used, the timestamps are supplied by the kernel."
How can I use n2disk to get a very acurate timestamp? or is it impossble? thanks a lot.