Wireshark · Wireshark-dev: Re: [Wireshark-dev] Initial RTT

[Pascal Quantin <pascal.quantin@xxxxxxxxx>]

2014-07-03 12:45 GMT+02:00 Jasper Bongertz <jasper@xxxxxxxxxxxxxx>:

> 2014-07-02 20:59 GMT+02:00 Jasper Bongertz <jasper@xxxxxxxxxxxxxx>:

> Hello,
>
>    as promised during Sharkfest, I checked the latest developer builds
>    for the accuracy of the calculation of initial RTT for TCP
>    connections. So far I have only seen correct results, even in cases
>    with heavy packet loss during the three way handshake. So I think
>    the code is good.
>
>    I also checked traces where the TCP expert was incorrectly assuming
>    a retransmission when it was in fact an out-of-order packet. Those
>    are now correctly identified, at least when we have the handshake
>    and thus initial RTT. Thumbs up for that.
>
>    Regarding the way to handle missing handshakes - I would go with the
>    old 3ms arbitrary value in that case, because most Wireshark
>    captures are taken in local network environments. Higher values are
>    problematic because retransmissions are not flagged anymore and
>    called out-of-order instead, which could lead to a lot of confusion
>    out there. I prefer false positives for retransmissions over
>    out-of-orders.
>
>    Again, thanks for the effort!
>
>  Cheers,
>  Jasper

> Hi,

> if it is working great (Evan changed the timer back to its old 3ms
> arbitrary value in case we do not have the handshake) would it make
> sense to backport this change from the development branch to the
> 1.12 one (before Wireshark 1.12 gets released)?
>

> Regards,
> Pascal.

yes, it would definitely be nice to have it in 1.12 if possible.

Cheers,
Jasper

Hi Jasper,

it was just merged.

Cheers,
Pascal.