Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] SRT vs RTD

Date: Tue, 28 Apr 2015 10:32:29 -0400
I started working on ensuring that SRT (service response time) stats that are available in Wireshark are also available in TShark (taking bug 9363 a step farther).  I initially collected my data by doing a grep on ",srt" and comparing the filenames it showed up on in \ui\cli and \ui\gtk.  The initial list showed a big disparity between what was supported in Wireshark and what was supported in TShark.  After digging a little deeper, I came to realize that the disparity isn't that great, it's just some of the TShark stats use ",rtd" (response time delay) as their stat tap name.
 
So my first question would be - what's the difference?  It appears the computation is different, but then why did the Wireshark stat tap names that use ",rtd" in TShark use ",srt" in the first place?  Seems to me like there should be a change for consistency, but I realize that will break backwards compatibility.  Justified in my opinion, but I wanted to solicit others.
 
The other thing I'm trying to accomplish is refactoring the functionality back to the dissector, like what was done with conversations and endpoints (to make the Qt adoption of these statistics much easier).   Should the refactoring just be 2 separate pieces of functionality - one for SRT and one for RTD?  Is there a way to combine them all that makes sense?  With the little bit of refactoring I've done on the TShark side, more dissector stats now have "Sum SRT".  Should the "RTD specific" stats of "Min in Frame" and "Max in Frame" just be appended to existing SRT?  The only issue I see on the TShark side is just fitting it on a "screen" (limiting lines to ~80 characters)