My question is simply: what are the capabilities of tshark specifically, or even Wireshark, for analyzing pcap files to find jitter? I have seen various posts about VoIP or RTP jitter but none about HTTP. I was also wondering how most people capture latency within a pcap file using the TCP protocol. So far my solution to that problem has been finding the difference in time between the next TCP sequence data packets coming from the HTTP server.
Thanks in advance for any comments or advice,
asked 28 Aug '15, 07:42
O.K., if you want to measure latency, you'll have to do that at two points in parallel, with high-precision clocks: one in front of the sender and one in front of the receiver. Then compare both capture files to calculate the delta of the frame timestamps and create a graph or something based on that information.
It's easy for Wireshark to calculate jitter for RTP, because there are timestamps in the RTP payload, which can be used.
Unfortunately, you don't have timestamps in (regular) TCP frames, so the only thing you can do is what I described above. Unfortunately (again), there is no support whatsoever for that in Wireshark/tshark, so you'll have to use a script (Perl/Python/Brainfuck/Whatever) to parse the output of tshark and to do the calculation of the frame time delta.
See my answer to a totally different question for an idea of how you could use tshark and Perl for your task.
answered 28 Aug '15, 09:25
Kurt Knochner ♦
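
The two-capture comparison described in the answer above, sketched in Python as an added example (not part of the original answer and not a Wireshark feature). The sample lines are constructed, the matching key and the jitter definition are assumptions, and `tcp.seq` is assumed to be comparable in both captures (both contain the connection's SYN, or relative sequence numbers are turned off).

```python
from decimal import Decimal  # exact decimal arithmetic on epoch timestamps

# Constructed sample data: tab-separated output of
#   tshark -r <capture> -Y "tcp.len > 0" -T fields \
#          -e frame.time_epoch -e ip.id -e tcp.seq -e tcp.len
# one capture taken in front of the sender, one in front of the receiver.
SENDER = (
    "1440747720.000100\t0x1a01\t1\t1448\n"
    "1440747720.000300\t0x1a02\t1449\t1448\n"
    "1440747720.000500\t0x1a03\t2897\t1448\n"
    "1440747720.000700\t0x1a04\t4345\t512\n"
)
RECEIVER = (  # the third segment was never seen here (loss or capture drop)
    "1440747720.020100\t0x1a01\t1\t1448\n"
    "1440747720.020900\t0x1a02\t1449\t1448\n"
    "1440747720.021200\t0x1a04\t4345\t512\n"
)

def parse(text):
    """Map (ip.id, tcp.seq, tcp.len) to the timestamp of its first appearance."""
    frames = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not all(fields):
            continue  # a field tshark could not fill is left empty
        # Assumption: this key is identical at both capture points
        # (no NAT or offload re-segmentation in between).
        frames.setdefault(tuple(fields[1:]), Decimal(fields[0]))
    return frames

def one_way_delays(sender_text, receiver_text):
    """Receiver-minus-sender timestamp per matched frame, in send order."""
    sent, received = parse(sender_text), parse(receiver_text)
    matched = [(ts, received[key] - ts) for key, ts in sent.items() if key in received]
    return [delay for _, delay in sorted(matched)]

def jitter(delays):
    """Mean absolute change between consecutive delays (assumed definition)."""
    steps = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return sum(steps) / len(steps) if steps else Decimal(0)

if __name__ == "__main__":
    delays = one_way_delays(SENDER, RECEIVER)
    print("delays (s):", [str(d) for d in delays])
    print("jitter (s):", jitter(delays))
```

A constant clock offset between the two capture hosts shifts every delay by the same amount and cancels out of the jitter figure, so only the absolute latency depends on how well the clocks are synchronised.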