Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Question about seeing Latency in TCP conversations

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Wed, 4 Jan 2012 20:19:12 -0500

Thanks Martin, I have never done any graphing at all and didn’t know about the ack_rtt.

In this case, It seems that the ack_rtt shows the rtt between the SYN and the next packet, I need to know if there were any packets in the conversation (from SYN to FIN) that have a high RTT…..is there a way to do that?

 

johnny

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Visser
Sent: Wednesday, January 04, 2012 5:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Question about seeing Latency in TCP conversations

 

Johnny,

 

The easiest way is to examine the calculated field "tcp.analysis.ack_rtt". This appears in the details window if you have TCP Sequence Analysis on.

 

 

image.png


You have to be a little careful when using this though, as Wireshark sometimes miscalculates this in the prescence of Duplicate ACKs. The best way to use it (taking out effects of the server processing delay), is during the initial handshake. So what I do is filter for "tcp.flags == 0x12" (which is the SYN/ACK) and plot tcp.analysis.ack_rtt or add it as a column.

 

image.png

 

Regards, Martin

MartinVisser99@xxxxxxxxx

On 5 January 2012 08:20, Sheahan, John <John.Sheahan@xxxxxxxxxxxxx> wrote:

I have been given a sniffer trace by our application guys and they want me to look through it to see if any of the TCP conversations have higher than normal latencies.

The file is kind of big and too much data for me to filter and look at each conversation.

 

Is there an easy way to do this in Wireshark?

 

Thanks

 

Johnny


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

 

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube