RTT timing for TCP packet using Wireshark
Question
I want to calculate the Round Trip timing for the TCP packets.
But in wireshark, I don't see any particular field for the RTT timing for a TCP packet like its there for the RTP packet.
Wireshark do calculates the RTT graph but i am not finding as how it has been calculated.
Can someone help me out in finding the formula used for the same?
3 answers
solution1
5 2012-10-16 14:19:52
There is nothing inside TCP that gives the round-trip time. It's estimated by the kernel based on how long it takes to receive an ACK to data that was sent. It records the timestamp of when a given sequence number went out and compares it to the timestamp of the corresponding ACK. The initial 3-way handshake gives a decent starting value for this.
However, this is only an estimate as the receiver is free to delay ACKs for a short period if it feels it can respond to multiple incoming packets with a single reply.
RTT frequently changes over the duration of the session due to changing network conditions. The effect is (obviously) more pronounced the further away the endpoints.
solution2
1 2016-03-15 16:21:04
如果您正在使用wireshark,它会显示iRtt =初始Round Trip和每个已发送数据包的Rtt,只需查看“在新窗口显示数据包/ seq / ack分析”
solution3
1 2016-03-23 15:01:09
If you want to get the values of the RTT calculated by wireshark/tshark, the following did the trick for me to print them on stdout:
tshark -r myfile.pcap -Y 'ip.addr == AA.BB.CC.DD' -T fields -e tcp.analysis.ack_rtt
(where I used the display filter after -Y to restrict the analysis to only one remote host)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.