Hi everybody,

I have just started using Wireshark. I got to know how to capture the traffic flowing through the network, but I am trying to get the round trip time of packets. How do I get to know that? I can just see the window showing the packet no., src, dest, protocol, etc. Please help me out in finding the round trip time.

Thanks & regards,
Sagar

This question is marked "community wiki".

asked 24 May '11, 23:16 sagu072
2 Answers:
You should make sure you have a column showing the "relative time" (I also recommend adding the "delta time displayed" column while you're at it): see preferences/columns.

Usually, you determine round trip time by selecting the outgoing packet and setting a "time reference" by using the popup menu. Next, look for the incoming answer packet and use the relative time column to read the time that it took for the answer to arrive. Important: this only works if you capture very very close to the client (or, more generally, the machine that is sending the question).

A special case is measuring RTT for TCP sessions, which can be done by finding the initial SYN, and then (after setting a time reference on it) looking at the relative time of the ACK (third packet in the TCP three way handshake). If you do that you don't have to worry about the placement of the capturing machine, because all parts of the round trip distance are included.

answered 25 May '11, 00:03 Jasper ♦♦
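The TCP handshake measurement described in the answer above, as an added example that is not part of the original thread: a Python script that reads a capture and reports the time from the initial SYN to the third handshake packet for each connection. It assumes a classic little-endian pcap file (not pcapng) with Ethernet/IPv4 frames; `handshake_rtts`, `_frame` and the `SAMPLE` capture are names and data constructed for this illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def handshake_rtts(pcap: bytes) -> dict:
    """Map (src, sport, dst, dport) -> seconds from initial SYN to handshake ACK."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects little-endian microsecond pcap, Ethernet link type")
    syn_seen, rtts, off = {}, {}, 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        # Only IPv4 (ethertype 0x0800) carrying TCP (protocol 6) is examined.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4          # skip Ethernet + IP header
        if len(frame) < tcp + 14:
            continue
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        flags = frame[tcp + 13]
        ip = lambda b: ".".join(map(str, b))
        key = (ip(frame[26:30]), sport, ip(frame[30:34]), dport)
        t = sec * 1_000_000 + usec
        if flags & SYN and not flags & ACK:
            syn_seen.setdefault(key, (t, seq))     # the "time reference" packet
        elif flags & ACK and not flags & SYN and key in syn_seen and key not in rtts:
            t0, isn = syn_seen[key]
            if seq == (isn + 1) & 0xFFFFFFFF:      # third packet of the handshake
                rtts[key] = (t - t0) / 1e6
    return rtts

def _frame(t_us, src, dst, sport, dport, seq, ack, flags):
    """Build one constructed pcap record: Ethernet + IPv4 + TCP, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 65535, 0, 0)
    pkt = bytes(12) + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", t_us // 10**6, t_us % 10**6, len(pkt), len(pkt)) + pkt

C, S = (192, 0, 2, 10), (198, 51, 100, 5)   # constructed documentation addresses
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame(1_000_000, C, S, 50000, 80, 1000, 0, SYN)
          + _frame(1_020_000, S, C, 80, 50000, 5000, 1001, SYN | ACK)
          + _frame(1_042_500, C, S, 50000, 80, 1001, 5001, ACK))

if __name__ == "__main__":
    for flow, rtt in handshake_rtts(SAMPLE).items():
        print(flow, f"{rtt * 1000:.1f} ms")
```

To run it on a real capture, pass the file's bytes to `handshake_rtts` after saving the capture from Wireshark in the classic pcap format.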
What kind of WLAN card are you using, sagu072, and what level of accuracy do you need for your RTT? I ask this question because there are different ways and different time elements with which you can do this.

answered 30 May '11, 07:33 AminGho
Jasper, thank you. There is no column with the name relative time. I am not really getting all that you said as I am new to Wireshark; I may get it once I go through Wireshark and read this again. Thank you.
Go to Edit -> Preferences -> User Interface -> Columns. Click "Add", name it "Relative Time" and select "Relative Time" as Field Type.
Hi, I have added the relative time column but its values are the same as the time column. What exactly does the relative time represent, and how do I identify the outgoing packet, ACK and all?
True, if you have default Wireshark settings your time column is probably set to "relative time", but since it can be changed to something else I like to have an extra column for relative time.
Regarding the outgoing packet - you need to know the protocol and what kind of packet contains outgoing data. If you are unfamiliar with the protocol you can only revert to the Three Way Handshake process I mentioned earlier.
(answer converted to comment)