I'm doing an experiment on LAN traffic flow using tcpdump. I observed
the following out-of-order tcpdump timestamp problem:
962032606.281506 *.230.77.87.1611 > *.230.77.82.8901: . ack 83985 win 30408
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281622 *.230.77.82.8901 > *.230.77.87.1611: . 112641:114089(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281512 *.230.77.87.1611 > *.230.77.82.8901: . ack 86881 win 28960
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281654 *.230.77.82.8901 > *.230.77.87.1611: P 114089:115537(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281516 *.230.77.87.1611 > *.230.77.82.8901: . ack 89777 win 27512
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281692 *.230.77.82.8901 > *.230.77.87.1611: P 115537:116985(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281521 *.230.77.87.1611 > *.230.77.82.8901: . ack 92673 win 26064
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281719 *.230.77.82.8901 > *.230.77.87.1611: . 116985:118433(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281527 *.230.77.87.1611 > *.230.77.82.8901: . ack 95569 win 24616
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281745 *.230.77.82.8901 > *.230.77.87.1611: P 118433:119881(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281533 *.230.77.87.1611 > *.230.77.82.8901: . ack 98465 win 23168
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281771 *.230.77.82.8901 > *.230.77.87.1611: P 119881:121329(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281538 *.230.77.87.1611 > *.230.77.82.8901: . ack 101361 win 21720
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281796 *.230.77.82.8901 > *.230.77.87.1611: . 121329:122777(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281544 *.230.77.87.1611 > *.230.77.82.8901: . ack 104257 win 20272
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281821 *.230.77.82.8901 > *.230.77.87.1611: P 122777:124225(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281549 *.230.77.87.1611 > *.230.77.82.8901: . ack 107153 win 18824
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281846 *.230.77.82.8901 > *.230.77.87.1611: P 124225:125673(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281555 *.230.77.87.1611 > *.230.77.82.8901: . ack 110049 win 17376
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281873 *.230.77.82.8901 > *.230.77.87.1611: P 125673:127121(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281559 *.230.77.87.1611 > *.230.77.82.8901: . ack 112641 win 30408
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281896 *.230.77.82.8901 > *.230.77.87.1611: . 127121:128569(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281907 *.230.77.82.8901 > *.230.77.87.1611: P 128569:130017(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281918 *.230.77.82.8901 > *.230.77.87.1611: P 130017:131465(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281928 *.230.77.82.8901 > *.230.77.87.1611: . 131465:132913(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281938 *.230.77.82.8901 > *.230.77.87.1611: P 132913:134361(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281948 *.230.77.82.8901 > *.230.77.87.1611: P 134361:135809(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281960 *.230.77.82.8901 > *.230.77.87.1611: P 135809:137257(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
The two hosts are on the same LAN (Ethernet 100Mbps). Both are Linux boxes.
tcpdump is version 3.4 with libpcap-0.4. I had thought of two possible
reasons, but both are problematic.
One is local clock adjustment. But this reason is not so persuasive.
If the timestamps decrease because the local clock is faster than
the global clock, this kind of adjustment should not be so frequent, with
a minimal interval of 0.004 ms!
Another possible reason is that two different threads are responsible for
getting tcpdump's timestamps and they are not synchronized. But when I used
top, I found only one thread for tcpdump.
Does anyone have any idea what happened with Linux and tcpdump and
how to fix it?
-Hongbo
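One way to examine a capture like the one above, added here as an example and not part of the original post: the script parses tcpdump text output, lists every point where the timestamp goes backwards in the capture as a whole, and then repeats the check separately for each direction of the connection. The function names are assumptions, and the sample is the first six packets of the quoted trace.

```python
import re
from collections import defaultdict

# Sample input: the first six packets of the trace quoted in the post,
# with the wrapped continuation lines kept as they were posted.
SAMPLE = """\
962032606.281506 *.230.77.87.1611 > *.230.77.82.8901: . ack 83985 win 30408
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281622 *.230.77.82.8901 > *.230.77.87.1611: . 112641:114089(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281512 *.230.77.87.1611 > *.230.77.82.8901: . ack 86881 win 28960
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281654 *.230.77.82.8901 > *.230.77.87.1611: P 114089:115537(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
962032606.281516 *.230.77.87.1611 > *.230.77.82.8901: . ack 89777 win 27512
<nop,nop,timestamp 39071924 32468033> (DF)
962032606.281692 *.230.77.82.8901 > *.230.77.87.1611: P 115537:116985(1448) ack
1000010 win 31856 <nop,nop,timestamp 32468034 39071924> (DF)
"""

# A packet line starts with "seconds.microseconds src > dst: ".
PACKET = re.compile(r"^(\d+)\.(\d{6}) (\S+) > (\S+?): ")

def parse(text):
    """Return [(timestamp_in_microseconds, src, dst)]; wrapped lines are skipped."""
    records = []
    for line in text.splitlines():
        m = PACKET.match(line)
        if m:  # integer microseconds avoid float rounding on epoch values
            records.append((int(m.group(1)) * 1_000_000 + int(m.group(2)),
                            m.group(3), m.group(4)))
    return records

def regressions(records):
    """Return [(packet_index, microseconds_backwards)] for each backward step."""
    return [(i, records[i - 1][0] - records[i][0])
            for i in range(1, len(records)) if records[i][0] < records[i - 1][0]]

def analyse(text):
    """Check timestamp order over the whole capture and per direction."""
    records = parse(text)
    flows = defaultdict(list)
    for rec in records:
        flows[(rec[1], rec[2])].append(rec)
    return {"packets": len(records),
            "overall": regressions(records),
            "per_direction": {k: regressions(v) for k, v in flows.items()}}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On this sample the capture as a whole steps backwards twice, while each direction taken alone is in increasing order.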