Re: [Ethereal-users] (no subject)

[Ulf Lamping <ulf.lamping@xxxxxx>]

vaibhav_kaware@xxxxxxxxxxxxxxxx wrote:
> Hi,
> isn't it true that packet is timestamped/captured when it
> comes to the machine on which a packet sniffer is installed? 
>
>   
See http://www.wireshark.org/docs/wsug_html_chunked/ChAdvTimestamps.html
> So, if the desired destination and the machine on which the
> sniffer is installed is not the same,
>         then the time stamp on the packet may not be same as
> the timestamp at the desired destination's machine. 
>   
Yes.
> e.g.
> So, if machine A records a network traffic, then time stamp on
> a packet, sent by some X within network to other server S
> outside network, as captured/recorded by machine A, is what
> timestamp? What time will it signify?
>   
The time when it arrived at machine X (or better when the kernel on 
machine X timestamped it).
> Q2. Is there any way of knowing the timestamp of the packet at
> the source?
> i.e., is it possible to know the time at which a particular
> packet left the source machine?
>   
Running a second sniffer on the source machine, with *very accurate* 
syncronised times between sniffers.

However, I don't know a way to do this.


Regards, ULFL