DEVHIDE
Login Or Sign up

Unbale to capturing packets with high-precision time stamp with go packet

204 Views Asked by At

I am trying to capture the live packets from available interface. My code is developed in go lang and for capturing purpose, I am using google's go packet library.

I am able to capture packets but I am unable to get precise timestamp.

If I run the below command and see the timestamp in wireshark, I am getting accurate difference between timestamps.

tcpdump -i device0 -j adapter_unsynced -w captureOnMachine.pcap

But, If I generate tcp dump using go packet library there is no precision.

I looked over the internet about adapter_unsynced command and saw

 PCAP_TSTAMP_ADAPTER_UNSYNCED - adapter_unsynced
                 Time  stamp provided by the network adapter on which the cap-
                 ture is being done.  This is a high-precision time stamp;  it
                 is not synchronized with the host operating system's clock.

Can we get same setting in docker or go packet library.

docker go docker-compose gopacket
Original Q&A
1

There are 1 best solutions below

0
On

There is a warning for pcap.OpenLive:

Warning: this function supports only microsecond timestamps. For nanosecond resolution use an InactiveHandle.

An InactiveHandle sets the timestamp precision to nanosecond by default (see the source code). But if the hardware or software cannot supply a higher-resolution timestamp, it will fallback to microsecond resolution. If you're sure that the timestamp source adapter_unsynced is supported by the device and supplies a higher-resolution timestamp, you can set the timestamp source like this:

package main

import (
    "log"

    "github.com/google/gopacket/pcap"
)

func main() {
    inactive, err := pcap.NewInactiveHandle("device0")
    if err != nil {
        log.Fatalf("could not create: %v", err)
    }
    defer inactive.CleanUp()

    // Configure the inactive handle:
    // inactive.SetSnapLen
    // inactive.SetPromisc
    // inactive.SetTimeout

    if t, err := pcap.TimestampSourceFromString("adapter_unsynced"); err != nil {
        log.Fatalf("Supported timestamp types: %v", inactive.SupportedTimestamps())
    } else if err := inactive.SetTimestampSource(t); err != nil {
        log.Fatalf("Supported timestamp types: %v", inactive.SupportedTimestamps())
    }
    handle, err := inactive.Activate()
    if err != nil {
        log.Fatal("PCAP Activate error:", err)
    }
    defer handle.Close()

    // use the handle ...
}

Related Questions in DOCKER

Related Questions in GO

Related Questions in DOCKER-COMPOSE

Related Questions in GOPACKET

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.