I have two captures one from the client end &
one from the server end and I am trying to use the "Compare" facility from the
Statistics menu. When I took the traces, I synchronised both laptops to an NTP
server and both were running Wireshark V1.2.8.
I have merged them chronologically in Mergcap (no
-a) and used a simple filter to break this down to one SIP call. The filter I
used was:-
ip.addr eq 10.7.0.1 and (sip or rtp)
When I used the compare option (only specifying the
same filter, leaving the other options as default) the info column gives me
values of:-
0.000000001
0.000000003
0.000000005 etc.
Is this telling me that the first frame arrived at
the server end 0.000000001 seconds after it left the client end?
Some frames now get coloured with the color
filter:-
___tmp_color_filter___01
What is the significance of these
frames?
I can email the merged trace if anyone can help
me.
Keith French
|