Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Find ACK for my packet?

Date: Wed, 9 Sep 2020 11:15:06 -0500
I have a dissector whose protocol is under TCP/IP. When I identify a packet, I would like to find the frame that is the ACK for my PSH,ACK packet. My goal is to find the abs_tm value of the ACK packet and use that as a starting time of host processing, instead of using the abs_tm of my packet, since that would include the network latency.

While dissecting, the tcpinfo data has lastackseq, but not a frame number. There is a tcp_acked structure, but I don't know how to locate it. The ACK frame's SEQ Analysis says what frame it is ACKing, but the SEQ Analysis of my frame doesn't point to the ACK. And I can't create a dissector to look for it because the ACK frame has no TCP payload, so it won't call a dissector.

Is there some way I can locate the ACK frame of a packet and look at its abs_tm value?

Thank you,
Jay Turner