Wireshark-dev: [Wireshark-dev] Initial RTT

From: Jasper Bongertz <jasper@xxxxxxxxxxxxxx>
Date: Wed, 2 Jul 2014 20:59:57 +0200
Hello,

  as promised during Sharkfest, I checked the latest developer builds
  for the accuracy of the calculation of initial RTT for TCP
  connections. So far I have only seen correct results, even in cases
  with heavy packet loss during the three-way handshake. So I think
  the code is good.

  I also checked traces where the TCP expert was incorrectly assuming
  a retransmission when it was in fact an out-of-order packet. Those
  are now correctly identified, at least when we have the handshake
  and thus initial RTT. Thumbs up for that.

  Regarding the way to handle missing handshakes - I would go with the
  old 3ms arbitrary value in that case, because most Wireshark
  captures are taken in local network environments. Higher values are
  problematic because retransmissions are not flagged anymore and
  called out-of-order instead, which could lead to a lot of confusion
  out there. I prefer false positives for retransmissions over
  out-of-orders.

  Again, thanks for the effort!

Cheers,
Jasper
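
A simplified model of the trade-off discussed in the message above, added here as an example (not Wireshark's dissector code and not part of the original post): a segment below the highest sequence number seen is labelled out-of-order if it arrives within the initial RTT of that segment, or within a fallback value when the handshake is missing. The trace, field names and function names are constructed for illustration, and loss during the handshake is not modelled.

```python
FALLBACK_MS = 3.0  # the "old 3ms arbitrary value" used when no handshake was captured

# Constructed trace as seen at the capture point; data flows client to server only.
# t is in milliseconds, seq is relative, len is payload bytes.
TRACE = [
    {"t": 0.0,  "flags": "S",  "seq": 0,   "len": 0},
    {"t": 20.0, "flags": "SA", "seq": 0,   "len": 0},
    {"t": 20.1, "flags": "A",  "seq": 1,   "len": 0},
    {"t": 30.0, "flags": "PA", "seq": 1,   "len": 100},
    {"t": 30.2, "flags": "PA", "seq": 201, "len": 100},  # bytes 101..200 not seen yet
    {"t": 38.2, "flags": "PA", "seq": 101, "len": 100},  # fills the gap 8 ms later
    {"t": 90.0, "flags": "PA", "seq": 201, "len": 100},  # same bytes again, 59.8 ms later
]
DATA_ONLY = TRACE[3:]  # the same capture, started after the handshake


def initial_rtt_ms(packets):
    """Time from the SYN to the ACK completing the handshake, or None if not captured."""
    syn = synack = None
    for p in packets:
        if p["flags"] == "S" and syn is None:
            syn = p["t"]
        elif p["flags"] == "SA" and syn is not None:
            synack = p["t"]
        elif p["flags"] == "A" and synack is not None:
            return p["t"] - syn
    return None


def classify(packets, fallback_ms=FALLBACK_MS):
    """Label each data segment; the threshold is the iRTT, or fallback_ms without one."""
    irtt = initial_rtt_ms(packets)
    threshold = irtt if irtt is not None else fallback_ms
    next_seq, t_highest, labels = None, None, []
    for p in packets:
        if p["len"] == 0:
            continue  # handshake packets and pure ACKs carry no data to classify
        if next_seq is None or p["seq"] >= next_seq:
            next_seq, t_highest = p["seq"] + p["len"], p["t"]
            labels.append((p["seq"], "in-order"))
        elif p["t"] - t_highest < threshold:
            labels.append((p["seq"], "out-of-order"))
        else:
            labels.append((p["seq"], "retransmission"))
    return labels


if __name__ == "__main__":
    print("handshake seen :", classify(TRACE))
    print("3 ms fallback  :", classify(DATA_ONLY))
    print("100 ms fallback:", classify(DATA_ONLY, fallback_ms=100.0))
```

With the 100 ms fallback, the segment repeated 59.8 ms later is labelled out-of-order instead of retransmission, which is the confusion the message warns about for higher values.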
