
Wireshark-users: Re: [Wireshark-users] Question on measuring on both sides of a masquerading serv

From: Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx>
Date: Thu, 25 Apr 2019 13:41:33 +0200
> On 24 Apr 2019 (Wed), at 00:44, L A Walsh <wireshark@xxxxxxxxx> wrote:
> On 4/23/2019 12:32 PM, Sake Blok | SYN-bit wrote:
>> 
>> Please note that RTT calculations are done from the view of the capture point. So if you capture near system A, the roundtrip times for traffic being sent from A to B will be showing the 'real' roundtrip times, as the data packets are seen at the capture point just slightly after they have left system A. Then the ACK comes in after the packet has traversed the network over to system B and B sent the ACK back. But when system B sends data, it has already travelled the network all the way to system A, then A sends the ACK and it is seen by the capturing machine before it travels all the way back to system B.
>> 
>> So, unless you are able to capture on the remote side, you will only be able to deduce the TCP RTT times by looking at the traffic that is sent from our side to the remote side.
>> 
> If the measuring machine in your example is between A+B would I only see
> the RTT time because of 'A's ACK or would I see it as the packet passes
> through the "router" (masquerade box)?

The TCP RTT calculation is done by looking at the ACKs. If there is only data flowing in one direction, you would not even see any RTT values for the other direction.

So in your example where B is close to A, all data packets sent from C to A will pass the part of the network where there is substantial delay before passing capture point B. Then the data will be acked by A and the time between the data packet from C and the ack from A will be short (because your capture point B is close to A). For the reverse RTT calculation, when A sends data to C, it will pass past B before hitting the part of the network that does have substantial delay. Then the data packet travels to C (with latency), C acks the data and the ACK travels back to A over the part of the network with substantial delay before capture point B gets to see the ACK. Hence, the RTT in one direction is only measuring the RTT between B and A and the RTT in the other direction is only measuring the RTT between B and C. None of the graphs is showing you the RTT between A and C.

Cheers,
Sake
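
The capture-point effect described in the message above, as an added example that is not part of the original thread and not Wireshark's own code: a simplified model that matches each data segment to the ACK covering it, using timestamps as seen at capture point B. The 1 ms and 40 ms one-way delays, the immediate ACKs, and all function names are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed topology: A --1 ms-- B (capture point) --40 ms-- C.
# The one-way delays are assumed values chosen for illustration.
ONE_WAY_TO_B = {"A": 0.001, "C": 0.040}
Pkt = namedtuple("Pkt", "t src dst seq length ack")

def seen_at_b(sender, receiver, send_times, seg_len=1000):
    """Packets as B sees them: data from sender, immediate ACKs from receiver."""
    pkts, seq = [], 1
    for t0 in send_times:
        t_data = t0 + ONE_WAY_TO_B[sender]            # data passes B
        t_ack = t_data + 2 * ONE_WAY_TO_B[receiver]   # B -> receiver -> B
        pkts.append(Pkt(t_data, sender, receiver, seq, seg_len, None))
        pkts.append(Pkt(t_ack, receiver, sender, None, 0, seq + seg_len))
        seq += seg_len
    return pkts

def ack_rtts(pkts):
    """Time from each data segment to the ACK covering it, per data direction."""
    pending, rtts = {}, {}
    for p in sorted(pkts, key=lambda p: p.t):
        if p.length:                                  # data segment: remember when seen
            pending[(p.src, p.dst, p.seq + p.length)] = p.t
        elif p.ack is not None:                       # pure ACK: match the segment it covers
            t_data = pending.pop((p.dst, p.src, p.ack), None)
            if t_data is not None:
                rtts.setdefault(f"{p.dst}->{p.src}", []).append(p.t - t_data)
    return rtts

def demo():
    """Mean RTT per data direction for a constructed two-way exchange."""
    trace = seen_at_b("A", "C", [0.0, 0.1, 0.2]) + seen_at_b("C", "A", [0.05, 0.15])
    return {d: sum(v) / len(v) for d, v in ack_rtts(trace).items()}

if __name__ == "__main__":
    for direction, rtt in demo().items():
        print(f"data {direction}: mean RTT at B = {rtt * 1000:.1f} ms")
    true_rtt = 2 * sum(ONE_WAY_TO_B.values())
    print(f"end-to-end A<->C RTT = {true_rtt * 1000:.1f} ms (not visible at B)")
```

Data sent by A yields the B-to-C round trip and data sent by C yields the B-to-A round trip; with these assumed delays the end-to-end value only appears as the sum of the two.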