Wireshark-dev: Re: [Wireshark-dev] Regarding time taken by 3 way handshake for creation a TCP c

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 14 Aug 2008 12:12:14 +0200
On Thu, Aug 14, 2008 at 02:55:43PM +0530, naveen duniwal wrote:
> 
>    I am having a problem in understanding "time taken by 3 way handshake for
>    creation a TCP connection". Please look at following wireshark frames.

This question belongs more to the users list than to the development
list, could you use the users list in future requests like this?

Now for your question:

As the network delay is between end-points, it depends on the placement
of the capturing device *between* the endpoints what delta times you 
will see. Added to that are the delays within the endpoints.

So, looking at your packets...

>    No     Time        Source            Destination        Protocol    Info
> 
>    "1",    "0.000000",    "192.168.131.41",    "192.168.133.157",   
>    "TCP",        "sacred > http [SYN] Seq=0 Win=65535 Len=0 MSS=1360"
> 
>    "2",    "0.406250",    "192.168.133.157",    "192.168.131.41",   
>    "TCP",        "http > sacred [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
>    MSS=1460"

The delay between packet 1 and 2 is the network delay between the
capturing device and the server, plus the delay within the server (which
usually for a SYN/SYN+ACK is about 0 ms), plus the delay between
the server and the capturing device.

In short, the delay between the capturing device and the server is
about 200ms.

>    "3",    "0.406250",    "192.168.131.41",    "192.168.133.157",   
>    "TCP",        "sacred > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"

Similarly the delay between packet 2 and 3 can be interpreted. Since
the delay is 0 us, this means the capturing device is the same 
device as the client and the delay within the client is 0.

>    "4",    "0.406250",    "192.168.131.41",    "192.168.133.157",   
>    "HTTP",        "GET / HTTP/1.1"
> 
>    There is a network latency of 100ms set between my Source (192.168.131.41)
>    and Destination(192.168.133.157). Since this is a 3 step process so I
>    assumed that it will take at least 100ms in each of the steps, but the
>    above observation doesn't support it, where time diff between Ist and IInd
>    frame is around 400 ms and rest of the timestamps are same.

Well, the network latency seems to be 200ms rather than 100ms or the
server takes 400ms - 2x 100ms = 200ms to answer the SYN with a SYN+ACK.
If that is the case, then you might want to have a look at that server
to see why it is that slow...

Hope this helps,
Cheers,
    Sake
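
The reasoning in the reply above, worked through in code as an added example (not part of the original mail and not Wireshark code): it splits the handshake into the SYN to SYN+ACK leg and the SYN+ACK to ACK leg and infers where the capture was taken. The function name `handshake_timing`, the 1 ms "local" threshold and the one-line-per-packet layout of the quoted rows are assumptions made for this example.

```python
import csv
import io

# The four packets quoted in the mail, rejoined to one CSV row per packet.
CAPTURE = '''"1","0.000000","192.168.131.41","192.168.133.157","TCP","sacred > http [SYN] Seq=0 Win=65535 Len=0 MSS=1360"
"2","0.406250","192.168.133.157","192.168.131.41","TCP","http > sacred [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460"
"3","0.406250","192.168.131.41","192.168.133.157","TCP","sacred > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"4","0.406250","192.168.131.41","192.168.133.157","HTTP","GET / HTTP/1.1"
'''

def handshake_timing(text, local_threshold=0.001):
    """Split a 3-way handshake into its server-side and client-side legs.

    local_threshold (seconds) is an assumed cut-off: a leg shorter than this
    is treated as "no network in between", i.e. the capture ran on that host.
    """
    syn = synack = ack = None
    for _no, t, src, dst, _proto, info in csv.reader(io.StringIO(text)):
        t = float(t)
        if "[SYN]" in info and syn is None:
            syn = (t, src, dst)                      # client -> server
        elif ("[SYN, ACK]" in info and syn and synack is None
              and (src, dst) == (syn[2], syn[1])):   # server -> client
            synack = t
        elif ("[ACK]" in info and synack is not None and ack is None
              and (src, dst) == syn[1:]):            # client -> server
            ack = t
    if None in (syn, synack, ack):
        raise ValueError("incomplete handshake in capture")

    server_leg = synack - syn[0]  # capture<->server round trip + server delay
    client_leg = ack - synack     # capture<->client round trip + client delay
    if client_leg < local_threshold:
        where = "client"
    elif server_leg < local_threshold:
        where = "server"
    else:
        where = "in-path"
    return {
        "server_leg": server_leg,
        "client_leg": client_leg,
        "total": ack - syn[0],
        "capture_at": where,
        # One-way delay to the server if the server answers the SYN instantly.
        "one_way_if_server_instant": server_leg / 2,
    }

if __name__ == "__main__":
    print(handshake_timing(CAPTURE))
```
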