Wireshark · Wireshark-users: [Wireshark-users] question on dcerpc

Wireshark-users: [Wireshark-users] question on dcerpc

Date: Wed, 16 Apr 2008 12:44:47 +0000

folks,

i've scanned the archives and asked mr. google, but no joy.

background

running a lab simulation between an exchange server and a symantec server (physical servers connected via gig-e through a switch). dcerpc is the protocol they are using. on the symantec server we introduce wan latency simulation using another package. when displaying the round trip time diagram we see latency that is twice what we configured when we highlight one packet of the conversation and when we highlight another and regraph it shows the proper rtt. same source / dest ip's, both are dcerpc requests. we also ran an ftp copy between the two boxes and graphing it shows the proper rtt of 60ms total.

question

how is round trip time graph calculated for dcerpc in wireshark?

any info/help appreciated.

thanks.

Follow-Ups:
- [Wireshark-users] Turning off Protocols
  - From: Sheahan, John

Prev by Date: Re: [Wireshark-users] Is it a bug with Wireshark?
Next by Date: [Wireshark-users] Turning off Protocols
Previous by thread: [Wireshark-users] Extracting .eml from SMTP Pcap
Next by thread: [Wireshark-users] Turning off Protocols
Index(es):
- Date
- Thread