The Tcp packet in wireshark has a timestamp option, TSval and TSecr, after googling for a while i understand that TSval is the value of the tcp clock of the sender, right? ...now if i am tracing the packets in wireshark in order to calculate the time between sending a packet and receiving the acknowledgement between each 2 packets, i need the time at which the packet was sent and the time at which the next packet(the ack pkt) was received ..at the same node .. how do i calculate that?? and is the time at which the pkt was sent = TSval ? .. if so, then how do i get the time at which i received the ack packet?? noting that i'm doing this capture and calculation on one computer (the client) thinking it'll be easier, but if i will need to include the receiving computer let me know. asked 05 May '15, 08:14  yas1234 |
One Answer:
You can use the "Time" column in Wireshark to display the times at which the capture mechanism used on your OS recorded the transmission of the request and the ack of packet. You can also set the request packet as a "Time Reference" by right clicking the packet in the packet list and selecting "Set Time Reference", accepting the change of time format if Wireshark asks, and then the Time column will directly show the response time for the ack relative to the request. answered 05 May '15, 08:44  grahamb ♦ |
do you mean the pcap file record timestamp if i'm capturing near the sender side ?
Yes that's correct. Note that it's only as accurate as the capture mechanism used.