 Hi Stuart! 
  
I actually never looked so deeply into the IO graph with 
this field. A reason I never did that is because for example tcptrace 
(tcptrace.org) is so much better at plotting this at packet level, rather than 
averaging over a time period. Just looking at your numbers seems to indicate 
that Wireshark is plotting per tick, rather than per second. That's not the case 
in my version though (1.8.0rc2), so I am wondering if you have changed the unit 
from "Packets/Tick" to "Advanced"? tcp.analysis.ack_rtt goes into the right text 
field then. 
  
For the second question, I'd suggest using tshark if 
possible to give you the CSV file.  

    tshark -r filename.pcap -R 'tcp.stream eq 7 && tcp.len==0' -Tfields -e tcp.analysis.ack_rtt

(just one field, look in the man pages for how to create a 
CSV file). 
I've filtered here on ACKs (tcp.len == 0) to get 
rid of empty samples, and on one TCP stream so that I am sure that these samples 
belong to the same conversation. 
  
You also have the TCP graph under Statistics -> TCP 
Stream Graph -> Round Trip Time Graph. 
  
There are other options such as exporting packet 
dissections from the Wireshark file menu after adding the RTT as a column, and 
of course there might possibly be some other faster and better ways for 
everything I've said here :) 
  
  
Kind regards, 
Martin  

Hi Martin,

I've been following this thread with interest ... but I'm stumbling on the solution you sketch.

I'm in IO Graphs, I've assigned the Filter "tcp.analysis.ack_rtt" to Graph 1, and I see a chart which, for my trace, wanders around an average value of ~400 for a Tick interval of .1s, ~40 for a Tick interval of .01s, and ~4 for a Tick interval of .001s. Glancing through the trace ... I might buy the idea that time between ACKs averages ~40us ...
==> How do I know what units Wireshark is using on the y-axis?

Alternatively, perhaps you are suggesting a way to produce a CSV file containing these RTT calculations, from which I could calculate AVG, MEAN, MEDIAN, etc.
==> But I don't see how to do that, i.e. how to produce a CSV file listing 'tcp.analysis.ack_rtt' for each ACK.

And perhaps I'm not following you at all
==> Would you elaborate on the analysis technique you sketched below?

--sk

Stuart Kendrick
FHCRC
  
On 6/21/2012 3:33 AM, Martin Isaksson 
wrote:
  
  
  Hi, 
    
  try the tcp.flags.fin==1, tcp.stream, 
  tcp.analysis.ack_rtt and tcp.analysis.acks_frame fields. 
    
  Regards, 
  Martin  
  So nobody has any idea? The intuitive idea is to 
  use sequence number/ack number, but it may be a bit troublesome. Any other 
  ideas? Thanks
  
  2012/6/20 esolve esolve  <esolvepolito@xxxxxxxxx>
  Hi all,

    I want to get round trip time distribution from a pcap 
    file.  My idea is to compute each round trip time for each pair of 
    data packets and ack packets. But the difficulty is to identify the 
    pairs, namely, for each data packet (ack packet) I need to find the 
    corresponding ack packet (data packet). How can I achieve 
    this?

    Besides, for the find tcp tear-down process, how to 
    identify each FIN-ACK and ACK pair? Thanks!
  
  
   
 ___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe 
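
Added example, not part of the original thread: a Python sketch that takes tshark field output and produces the per-stream average and median asked about above. It assumes the capture was exported with `-T fields -E separator=, -e tcp.stream -e tcp.analysis.ack_rtt` (the extra `tcp.stream` column and the comma separator are assumptions of this example), and the sample rows are constructed.

```python
import csv
import io
import math
import statistics
from collections import defaultdict

# Constructed sample (not from the thread): two columns, tcp.stream and
# tcp.analysis.ack_rtt in seconds. An empty second column is a frame on
# which Wireshark did not set ack_rtt.
SAMPLE = """\
7,0.000412
7,0.000398
7,
7,0.000455
7,0.041200
9,0.000120
9,
9,0.000140
"""


def rtt_by_stream(text):
    """Group RTT samples (seconds) by stream index, skipping empty rows."""
    streams = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip():
            continue
        try:
            streams[int(row[0])].append(float(row[1]))
        except ValueError:
            continue  # header line or malformed value
    return dict(streams)


def summarize(samples):
    """Count, mean, median, nearest-rank p95 and max, in microseconds."""
    us = sorted(round(s * 1e6, 3) for s in samples)
    p95 = us[math.ceil(0.95 * len(us)) - 1]
    return {"n": len(us), "mean": statistics.mean(us),
            "median": statistics.median(us), "p95": p95, "max": us[-1]}


if __name__ == "__main__":
    for stream, samples in sorted(rtt_by_stream(SAMPLE).items()):
        print(stream, summarize(samples))
```

In the constructed stream 7, one slow ACK pulls the mean to about 10.6 ms while the median stays at 433.5 us, which is why the distribution is worth keeping per stream rather than as one averaged figure.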
  