Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Regarding time taken by 3 way handshake for creation a TCP c

From: "Lars Worsaae" <lars.worsaae@xxxxxxxxx>
Date: Mon, 18 Aug 2008 09:30:32 +0200
Where do you meassure?
I guess you have wireshark running on the client machiene or a setup
is like this:

client -> wireshark measuring point -> delaying mechanism -> server
In this setup there will be no delay between events in client and as
logged by wireshark
The full delay will be when a pcaket travels through the delay mechanism
If we assume your server is responding in 0 time then the delay
(network latency) is 200ms

At time 0 the SYN leaves the client and is logged by wireshark (packet 1).
At time 0.2 this SYN arrives at the server,
At time 0.2 this server returns a SYN,ACK
At time 0.4 syn+ack arrives  is received in client and is logged by
wireshark (packet 2)
At time 0.4 the client sends ACK and this is logged by wireshark (packet 3)
At time 0.4 the client sends data and this is logged by wireshark (packet 4)

Fits precisely the observed data

/Rgds Lars


On Thu, Aug 14, 2008 at 9:11 AM, Naveen Kumar Duniwal
<Naveen.Duniwal@xxxxxxxxxxxx> wrote:
>
> Hi
>
> I am having a problem in understanding "time taken by 3 way handshake for
> creation a TCP connection". Please look at following wireshark frames.
>
> No      Time            Source                  Destination
> Protocol        Info
>
> "1",    "0.000000",     "192.168.131.41",       "192.168.133.157",
> "TCP",          "sacred > http [SYN] Seq=0 Win=65535 Len=0 MSS=1360"
>
> "2",    "0.406250",     "192.168.133.157",      "192.168.131.41",
> "TCP",          "http > sacred [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
> MSS=1460"
>
> "3",    "0.406250",     "192.168.131.41",       "192.168.133.157",
> "TCP",          "sacred > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
>
> "4",    "0.406250",     "192.168.131.41",       "192.168.133.157",
> "HTTP",         "GET / HTTP/1.1"
>
> There is a network latency of 100ms set between my Source (192.168.131.41)
> and Destination(192.168.133.157). Since this is a 3 step process so I
> assumed that it will take atleast 100ms in each of the step , but the above
> observation doesn't support it, where time diff between Ist and IInd frame
> is around 400 ms and rest of the timestamps are same.
>
> Could you please advice me what I am doing wrong in this.
>
> Thanks in advance.
>
> Regards
> Naveen
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>