Re: Question about seeing Latency in TCP conversations

[Andrej van der Zee <andrejvanderzee () gmail com>]

> You have to be a little careful when using this though, as Wireshark
> sometimes miscalculates this in the prescence of Duplicate ACKs. The best
> way to use it (taking out effects of the server processing delay), is
> during the initial handshake. So what I do is filter for "tcp.flags ==
> 0x12" (which is the SYN/ACK) and plot tcp.analysis.ack_rtt or add it as a
> column.

How could one do this if the tcpdump is taken from a spanned switch-port
instead of captured onsite at the client? In this case, I guess a better
approximation for wire-latency would be the timestamp difference between
the first SYN packet (client to server) and last ACK packet (client to
server) in the 3-way handshake. An extra imposed inaccuracy would be to the
processing of the TCP/IP stack at the client in addition to the server. I
guess not, but is there any way to plot this timestamp difference in an IO
graph in Wireshark? Or are there other tools that can spit this in
text-tables?

Cheers,
Andrej

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe