Wireshark-users: Re: [Wireshark-users] how to get round trip time and identify FIN-ACK and ACK pa
From: Stuart Kendrick <skendric@xxxxxxxxx>
Date: Tue, 26 Jun 2012 04:53:58 -0700
Hi Martin,

I've been following this thread with interest ... but I'm stumbling on the solution you sketch.

I'm in IO Graphs, I've assigned the Filter "tcp.analysis.ack_rtt" to Graph 1, and I see a chart which, for my trace, wanders around an average value of ~400 for a Tick interval of .1s, ~40 for a Tick interval of .01s, and ~4 for a Tick interval of .001s. Glancing through the trace ... I might buy the idea that time between ACKs averages ~40us ...
    ==> How do I know what units Wireshark is using on the y-axis?

Alternatively, perhaps you are suggesting a way to produce a CSV file containing these RTT calculations, from which I could calculate AVG, MEAN, MEDIAN, etc.
    ==> But I don't see how to do that, i.e. how to produce a CSV file listing 'tcp.analysis.ack_rtt' for each ACK.

And perhaps I'm not following you at all.
    ==> Would you elaborate on the analysis technique you sketched below?

--sk

Stuart Kendrick
FHCRC

On 6/21/2012 3:33 AM, Martin Isaksson wrote:
Hi,
 
try the tcp.flags.fin==1, tcp.stream, tcp.analysis.ack_rtt and tcp.analysis.acks_frame fields.
 
Regards,
Martin


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of esolve esolve
Sent: 21 June 2012 12:01
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] how to get round trip time and identify FIN-ACK and ACK pairs

so nobody has any idea?
the intuitive idea is to use sequence number/ack number, but it may be a bit troublesome, any other ideas? thanks

2012/6/20 esolve esolve <esolvepolito@xxxxxxxxx>
Hi, all,

 I want to get round trip time distribution from a pcap file.  My
idea is to compute each round trip time for each pair of data packets
and ack packets. But the difficulty is to identify the pairs, namely,
for each data packet(ack packet) I need to find the corresponding ack
packet(data packet). How can I achieve this?

  Besides, for the find tcp tear-down process, how to identify each
FIN-ACK and ACK pair? thanks!
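
Added example, not part of the original thread: one way to turn the fields Martin lists into a CSV and compute per-stream RTT statistics plus FIN/ACK pairs. The tshark command in the comment, the file names and the sample rows are assumptions constructed for illustration; `tcp.analysis.ack_rtt` is reported in seconds.

```python
import csv
import io
import statistics
from collections import defaultdict

# Assumed export command (trace.pcap and rtt.csv are placeholder names):
#   tshark -r trace.pcap -Y tcp -T fields -E header=y -E separator=, \
#     -e frame.number -e tcp.stream -e tcp.flags.fin \
#     -e tcp.analysis.acks_frame -e tcp.analysis.ack_rtt > rtt.csv
# Constructed sample of that output (not taken from a real capture).
SAMPLE = """\
frame.number,tcp.stream,tcp.flags.fin,tcp.analysis.acks_frame,tcp.analysis.ack_rtt
1,0,0,,
2,0,0,1,0.000400
3,0,0,,
4,0,0,3,0.000380
5,0,1,,
6,0,0,5,0.000450
7,1,0,,
8,1,0,7,0.012000
9,1,1,,
10,1,1,9,0.011000
11,1,0,10,0.000050
"""

def analyze(csv_text):
    """Return (per-stream RTT stats in seconds, [(fin_frame, ack_frame), ...])."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # tshark prints boolean fields as 1/0 or True/False depending on version.
    is_fin = {r["frame.number"]: r["tcp.flags.fin"] in ("1", "True") for r in rows}
    rtts = defaultdict(list)
    fin_pairs = []
    for r in rows:
        acked, rtt = r["tcp.analysis.acks_frame"], r["tcp.analysis.ack_rtt"]
        if not acked or not rtt:
            continue  # Wireshark did not match this frame to an earlier segment
        rtts[r["tcp.stream"]].append(float(rtt))
        if is_fin.get(acked):  # the acknowledged frame carried FIN
            fin_pairs.append((int(acked), int(r["frame.number"])))
    stats = {s: {"n": len(v), "mean": statistics.mean(v),
                 "median": statistics.median(v), "max": max(v)}
             for s, v in rtts.items()}
    return stats, fin_pairs

if __name__ == "__main__":
    stats, fin_pairs = analyze(SAMPLE)
    for stream, s in stats.items():
        print(stream, s)
    print("FIN/ACK pairs (fin_frame, ack_frame):", fin_pairs)
```

To run it on a real export, pass the contents of the CSV file to `analyze()` in place of `SAMPLE`.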


