I'm new user in wireshark. I have 2 ip address (client and server), i need to determine the connection time and the respond time between the 2. is it the tcp delta time?
Thank you for your help.
asked 30 Mar '15, 01:39
Without a clear definition of "connection time" and "response time", I can only guess what you are asking for, so here is my first attempt.
If you are interested in the time between SYN and SYN ACK, or the time it takes for the three-way handshake, you can set a time reference on the SYN flag (click on the frame and press CTRL-T) and then look at the timestamp of SYN-ACK or the timestamp of the first data frame. See (1) and (2) in the screenshot below.
This can be virtually anything, from RTT analysis at TCP level up to response time for a HTTP GET. See (3) (time reference for GET) and (4) answer from server (some tools call this "first byte") and (5) final frame of the answer (wireshark shows the HTTP answer in the info field in the last frame.
answered 30 Mar '15, 03:57
Kurt Knochner ♦
edited 30 Mar '15, 09:48