This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.
0
1

Hi everybody, Just now i have started using the wireshark, i got to know how to capture the traffic flowing through network, but i am trying to get the round trip time of packets , how do i get to know that ?? i can just see the window of showing the packet no, src, dest, protocol, etc, please help me out in finding the roundtrip time.

Thanks & regards Sagar

This question is marked "community wiki".

asked 24 May '11, 23:16

sagu072's gravatar image

sagu072
35232428
accept rate: 0%


You should make sure you have a column showing the "relative time" (I also recommend adding the "delta time displayed" column while you're at it): see preferences/columns.

Usually, you determine round trip time by selecting at the outgoing packet and setting a "time reference" by using the popup menu. Next, look for the incoming answer packet and use the relative time column to read the time that it took for the answer to arrive. Important: this only works if you capture very very close to the client (or, more generally, the machine that is sending the question).

A special case is measuring RTT for TCP sessions, which can be done by finding the initial SYN, and then (after setting a time reference on it) looking at the relative time of the ACK (third packet in the TCP three way handshake). If you do that you don't have to worry about the placement of the capturing machine, because all parts of the round trip distance is included.

permanent link

answered 25 May '11, 00:03

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

jasper, thank you, there s no column with name relative time, i am not really getting what all u said as m new to wireshark, i may get it once i go through wireshark n read this again, thank you.

(25 May '11, 00:18) sagu072

Go to Edit -> Preferences -> User Interface -> Columns. Click "Add", name it "Relative Time" and select "Relative Time" as Field Type.

(25 May '11, 01:16) Jasper ♦♦

hi, i hv added the relative time column but its values are as same as time column. what exactly the relative time represents, and how do i identify outgoing packet, Ack n all.

(25 May '11, 01:42) sagu072

true, if you have default wireshark settings your time column is probably set to "relative time", but since it can be changed to something else I like to have an extra column for relative time.

Regardin the outgoing packet - you need to know the protocol and what kind of packet contains outgoing data. If you are unfamiliar with the protocol you can only revert to the Three Way Handshake process I mentioned earlier.

(25 May '11, 02:36) Jasper ♦♦

(answer converted to comment)

(25 May '11, 02:40) SYN-bit ♦♦

What kind of WLANcard you are using sagu072 and what level of accuracy for your RTT need? I ask this question because there are different ways and different time elements which you can do this with.

permanent link

answered 30 May '11, 07:33

AminGho's gravatar image

AminGho
51448
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×28

question asked: 24 May '11, 23:16

question was seen: 56,369 times

last updated: 07 Jun '13, 01:48

p​o​w​e​r​e​d by O​S​Q​A