This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Try to obtain RTT average in windows

0

Hi,

For my internship i have to do network performance.

With wireshark i cannot obtain the RTT average or have all RTT values (i could do the average with excel if i have it).

I tried with statistics -> RTT StreamGraph -> RTT Graph the values appears in a graph but i can't collect them.

One other try: IO Graph, with filter and unit advanced, AVG(tcp.analysis.ack_rtt), the "Analyze TCP sequence numbers" activated in TCP protocol options in Wireshark preferences, and there is an empty grap without values.

Can someone help me?

PS: I work with Windows Server 2008 R2.

Thank's

asked 17 Jun '13, 03:07

Geoffrey%20Plv%20CouchCouch's gravatar image

Geoffrey Plv...
1112
accept rate: 0%

2 Answers:

1

I believe RTT is a calculated value, not a stored value, where latency is represented as the time between a sent packet and it's corresponding acknowledgement. So exporting the packets in text so that you could import it into Excel wouldn't give you an RTT value that you could average without some manipulation.
I think you would have to use the tcp.analysis.ack_rtt as you indicated, also use View | Time Display Format | Seconds Since Last Captured Packet, export it to a text file, import it into Excel, and then in your spreadsheet average the values, along with using the tcp.analysis.ack_rtt as you indicated. This may be what you're looking for?

Hope this is helpful, and best of luck with your project, John

answered 17 Jun '13, 12:52

John_Modlin's gravatar image

John_Modlin
1205
accept rate: 0%

Thanks for that, i think it will work. However, I still have one problem, i don't know how to export only the RTT value, when i try to export in wireshark it's all the information I obtain.

Do you know how to select one detail of a TCP stream and export it?

Thank you for the information.

(18 Jun '13, 01:19) Geoffrey Plv...

Other thing, when i do the statistic "Packets length..." it give a stats on all packets filtered ( filter = "ip.dst == X.X.X.X and tcp.analysis.ack_rtt" ) and one column is rate in ms, do you the meaning of that?

Thank's in avance

(18 Jun '13, 01:30) Geoffrey Plv...

0

I don't believe the RTT value is an exportable value. You would have to calculate the RTT, once you export the selected packets, based on the seconds between the sent packet and it's corresponding acknowledgement.

You can right click on a packet within wireshark and then select Follow TCP Stream to display only that stream. Then you can select File | Export Selected Packets to export those packets to another .pcapng file or another format if needed.

The packet length is displayed in the Frame Header and a column is normally set as a default so you can see packet length between Protocol and Info columns.

If you're going to be using Wireshark a lot going forward, I highly recommend Laura Chappell's book, Wireshark Network Analysis, Second Edition. You will learn tons!

Best of luck Geoffrey :)

John

answered 18 Jun '13, 05:39

John_Modlin's gravatar image

John_Modlin
1205
accept rate: 0%

edited 18 Jun '13, 07:46

grahamb's gravatar image

grahamb ♦
19.8k330206