On Dec 28, 2012, at 1:15 PM, Maik Jäkel <em...@maikjaekel.de> wrote:

> for 2 days I'm now searching for the appropriate position to insert 5 lines 
> of code:

Insert into tcpdump or insert into some other program?

> I'm trying to print out a current timestamp with nanosecond accuracy between 
> every printed packet.
> I want to print packets in raw format / hex format and want to write down the 
> exact time they were received. 

(Presumably, in English, you mean "*before* every printed packet"; if there are 
N printed packets, there are only N - 1 places between every printed packet, so 
you can't time-stamp every packet by printing a time stamp between packets.)

tcpdump *already* prints the timestamp supplied by libpcap; unfortunately:

        1) it has microsecond resolution, not nanosecond resolution;

        2) it's not guaranteed to be the *exact* time - the time stamp might be 
assigned to the packet when it's first seen by the networking stack, which 
could be some time before the first or last bit of the packet arrives at the 
network adapter;

        3) even given point 2, it's closer to the exact time that the packet 
was received than any time you will get by making an operating system call to 
get the time, as it'll be even *longer* after the packet arrived than any time 
stamp you get from libpcap.

All of those would apply to any program using libpcap, not just to tcpdump.

If you really want nanosecond-resolution and accurate time stamps, you would 
either have to use your OS's packet capture mechanism directly, in your own 
program, rather than using libpcap, and do whatever's necessary to get 
nanosecond-resolution high-accuracy time stamps (which might mean you'd need a 
network adapter that supplies time stamps with nanosecond resolution, and you'd 
need OS support for that, which newer versions of the Linux kernel have and 
newer versions of FreeBSD might have), or libpcap would have to be modified to 
support that (recent versions have support for hardware time stamps in Linux 
and FreeBSD, if the hardware and OS support them, but they'd need to be 
extended to support requesting nanosecond-resolution time stamps).
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
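
As an added illustration that is not part of the original message or of tcpdump: the sketch below prints the time stamp libpcap recorded for each packet, at microsecond resolution, before that packet's hex dump, instead of asking the OS for the time when printing. It reads the classic pcap savefile layout; the function names and the two-packet sample capture are constructed for this example.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic savefile magic: seconds + microseconds

def build_sample_capture():
    """Constructed two-packet capture (made-up bytes and times), little-endian."""
    # File header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in [
        (1356729300, 123456, bytes.fromhex("ffffffffffff0011223344550800")),
        (1356729300, 123789, bytes.fromhex("0011223344550066778899aa0806")),
    ]:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

def iter_packets(buf):
    """Yield (ts_sec, ts_usec, captured_bytes) for each record in a pcap savefile."""
    if len(buf) < 24:
        raise ValueError("truncated file header")
    for endian in ("<", ">"):  # the magic number tells us the writer's byte order
        if struct.unpack(endian + "I", buf[:4])[0] == PCAP_MAGIC_USEC:
            break
    else:
        raise ValueError("not a microsecond-resolution pcap savefile")
    off = 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", buf[off:off + 16])
        off += 16
        if off + incl_len > len(buf):
            raise ValueError("truncated packet data")
        yield sec, usec, buf[off:off + incl_len]
        off += incl_len

def format_packet(sec, usec, data):
    """Capture time stamp on its own line, then the packet bytes in hex."""
    t = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%H:%M:%S")
    return f"{t}.{usec:06d}\n{data.hex(' ')}"

def dump(buf):
    return [format_packet(*pkt) for pkt in iter_packets(buf)]

if __name__ == "__main__":
    print("\n".join(dump(build_sample_capture())))
```
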
