Wireshark mailing list archives

Re: Add plugin timing statistics


From: Dario Lombardo <lomato () gmail com>
Date: Mon, 31 Aug 2020 17:30:19 +0200

You could start by reading the stats_tree documentation, which tells you how
to handle statistics using the stats_tree subsystem (based on tap, but more
evolved), by reading the packet_info structure, which stores info about lower
layer protocols, and by reading the DNS dissector (among others), which
creates stats that sound like the ones you need.

On Mon, Aug 31, 2020 at 5:21 PM <jayrturner99 () gmail com> wrote:

I would like advice on adding timing statistics to a Wireshark plugin. I
have implemented a plugin for my company’s proprietary protocol, which sits
on top of TCP/IP. I have added tap statistics to count various interesting
pieces of data. I would now like to calculate the time it takes for the
server to process commands.



Looking at a general flow in my protocol, a command is sent (PSH, ACK) and
an ACK occurs. Then later a (PSH, ACK) and an ACK occur for the response.

If I take the response (PSH, ACK) timestamp and subtract the command ACK
timestamp, I think this would be the best “how long did the server take to
process” time.

Do you have an idea of any better timing data I should consider?

With a dissector, I can look at my protocol. How would I look at my
packet’s TCP/IP protocol and get the timestamp?

Then I would need to associate my command’s timestamp with a response
timestamp. How might I do this? Using a tap? If so, how might I do this? I
know that my activity flow is - command (PSH, ACK), command ACK, response
(PSH, ACK), response ACK - so I know that if I’m in a command packet that
the response timestamp I need is two packets ahead, sequentially, in its
conversation. Are there calls to peek ahead?

So, if you have suggestions on places within the documentation or code
that I can study, please let me know.

Thank you,

Jay Turner


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 

Naima is online.
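Added example, not from this thread and not Wireshark's own code: a standalone C model of the pattern Wireshark dissectors (the DNS dissector among them) use to pair a request with its response without any "peek ahead". On the first pass, packets are dissected in capture order, so the command stores its frame number and timestamp in per-conversation state, the response looks it up, computes the delta, stores the result per frame so that later re-dissection of that frame gives the same answer, and hands the value to a tap-style aggregate. All names here (dissect_myproto, ts_t, conv_state_t, frame_result_t, rtt_tap_packet) are hypothetical stand-ins; the comments name the real Wireshark calls they correspond to (pinfo->num, pinfo->abs_ts, find_or_create_conversation(), conversation_add_proto_data(), p_add_proto_data(), pinfo->fd->visited, tap_queue_packet()), and that mapping is mine, not the project's documentation. The sample "capture" is constructed inline; it assumes the subdissector only sees the two frames per exchange that carry protocol payload, so the pure TCP ACKs are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Wireshark's nstime_t; a real dissector reads pinfo->abs_ts. */
typedef struct { int64_t secs; int32_t nsecs; } ts_t;

/* a minus b in seconds (what nstime_delta() followed by nstime_to_sec() give you). */
static double ts_diff_secs(const ts_t *a, const ts_t *b)
{ return (double)(a->secs - b->secs) + (double)(a->nsecs - b->nsecs) / 1e9; }

typedef enum { MSG_COMMAND, MSG_RESPONSE } msg_kind_t;

/* Per-conversation state: in a real plugin, attached to the conversation_t
 * from find_or_create_conversation(pinfo) with conversation_add_proto_data(). */
typedef struct {
    uint32_t pending_cmd_frame;   /* 0 = no command awaiting a response */
    ts_t     pending_cmd_ts;
} conv_state_t;

/* Per-frame result: in a real plugin, stored with p_add_proto_data() on the first
 * pass so re-dissection (pinfo->fd->visited set) reads it back instead of re-matching. */
typedef struct {
    uint32_t matched_cmd_frame;   /* 0 = response with no outstanding command */
    double   response_time_secs;  /* valid only when matched_cmd_frame != 0 */
} frame_result_t;

#define MAX_FRAMES 64
static frame_result_t g_frame_results[MAX_FRAMES];   /* indexed by frame number */

/* Aggregate a tap listener or stats_tree node would keep. */
static struct { uint32_t count; double min_secs, max_secs, sum_secs; } g_rtt;

static void reset_state(void)
{
    memset(&g_rtt, 0, sizeof g_rtt);
    memset(g_frame_results, 0, sizeof g_frame_results);
}

/* Tap "packet" callback: fold one measured response time into the aggregate. */
static void rtt_tap_packet(double secs)
{
    if (g_rtt.count == 0 || secs < g_rtt.min_secs) g_rtt.min_secs = secs;
    if (g_rtt.count == 0 || secs > g_rtt.max_secs) g_rtt.max_secs = secs;
    g_rtt.sum_secs += secs;
    g_rtt.count++;
}

uint32_t rtt_count(void)        { return g_rtt.count; }
double   rtt_average_secs(void) { return g_rtt.count ? g_rtt.sum_secs / g_rtt.count : 0.0; }
const frame_result_t *frame_result(uint32_t f) { return f < MAX_FRAMES ? &g_frame_results[f] : NULL; }

/* Hypothetical dissector body. Arguments stand in for pinfo->num, pinfo->abs_ts,
 * the conversation data and pinfo->fd->visited. */
const frame_result_t *dissect_myproto(conv_state_t *conv, uint32_t frame, ts_t ts,
                                      msg_kind_t kind, bool visited)
{
    if (frame >= MAX_FRAMES) return NULL;
    frame_result_t *res = &g_frame_results[frame];
    if (visited)              /* later pass: hand back what the first pass stored */
        return res;
    /* First pass runs in capture order, so a command is always dissected before its
     * response. No peek-ahead: the command records itself, the response looks it up. */
    if (kind == MSG_COMMAND) {
        conv->pending_cmd_frame = frame;
        conv->pending_cmd_ts    = ts;
    } else if (conv->pending_cmd_frame != 0) {
        res->matched_cmd_frame  = conv->pending_cmd_frame;
        res->response_time_secs = ts_diff_secs(&ts, &conv->pending_cmd_ts);
        conv->pending_cmd_frame = 0;                /* one outstanding command at a time */
        rtt_tap_packet(res->response_time_secs);    /* where tap_queue_packet() would go */
    }
    return res;
}

/* Constructed capture, not a real trace. Only frames carrying protocol payload reach
 * the subdissector; the pure TCP ACKs (frames 2, 4, 6, 8) are therefore left out. */
double run_sample_capture(void)
{
    conv_state_t conv = { 0, { 0, 0 } };
    reset_state();
    dissect_myproto(&conv, 1, (ts_t){ 10, 0 },         MSG_COMMAND,  false);
    dissect_myproto(&conv, 3, (ts_t){ 10, 250000000 }, MSG_RESPONSE, false);  /* 0.25 s */
    dissect_myproto(&conv, 5, (ts_t){ 11, 0 },         MSG_COMMAND,  false);
    dissect_myproto(&conv, 7, (ts_t){ 11, 100000000 }, MSG_RESPONSE, false);  /* 0.10 s */
    dissect_myproto(&conv, 9, (ts_t){ 12, 0 },         MSG_RESPONSE, false);  /* unsolicited */
    /* The user clicks frame 3 in the GUI: re-dissection must not double count. */
    dissect_myproto(&conv, 3, (ts_t){ 10, 250000000 }, MSG_RESPONSE, true);
    return rtt_average_secs();
}

int main(void)
{
    double avg = run_sample_capture();
    printf("%u responses, avg %.3f s, min %.3f s, max %.3f s; frame 3 answers frame %u\n",
           rtt_count(), avg, g_rtt.min_secs, g_rtt.max_secs, frame_result(3)->matched_cmd_frame);
    return 0;
}
```

Two things the model makes visible that the question glosses over. First, the visited flag matters: Wireshark re-dissects a frame whenever the user selects it, and a dissector that updates conversation state on every call would double count or mis-pair; storing the result per frame on the first pass and returning it on later passes is what keeps the statistic stable. Second, the delta here runs from the command segment to the response segment, because those are the two frames the subdissector is handed; the command's TCP ACK, which the question proposes as the baseline, is a TCP-layer event and does not appear in the subdissector's view in this model.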
