Wireshark-dev: Re: [Wireshark-dev] Initial RTT

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 3 Jul 2014 12:25:15 +0200

2014-07-02 20:59 GMT+02:00 Jasper Bongertz <jasper@xxxxxxxxxxxxxx>:
Hello,

  as promised during Sharkfest, I checked the latest developer builds
  for the accuracy of the calculation of initial RTT for TCP
  connections. So far I have only seen correct results, even in cases
  with heavy packet loss during the three-way handshake. So I think
  the code is good.

  I also checked traces where the TCP expert was incorrectly assuming
  a retransmission when it was in fact an out-of-order packet. Those
  are now correctly identified, at least when we have the handshake
  and thus initial RTT. Thumbs up for that.

  Regarding the way to handle missing handshakes - I would go with the
  old 3ms arbitrary value in that case, because most Wireshark
  captures are taken in local network environments. Higher values are
  problematic because retransmissions are not flagged anymore and
  called out-of-order instead, which could lead to a lot of confusion
  out there. I prefer false positives for retransmissions over
  out-of-orders.

  Again, thanks for the effort!

Cheers,
Jasper

Hi,

if it is working great (Evan changed the timer back to its old 3ms arbitrary value in case we do not have the handshake), would it make sense to backport this change from the development branch to the 1.12 one (before Wireshark 1.12 gets released)?

Regards,
Pascal.