I'm trying to plot Bytes in flight using the I/O graph but i'm not sure what i'm getting is correct. How does wireshark calculates bytes in flight ? How come when I plot tcp.analysis.bytes_in_flight and ip.dst == < receiver ip>&&tcp.window_size_value I get the same graph? asked 24 Nov '11, 22:47  ddayan |
One Answer:
I assume you are using the "advanced" graphs to plot the mentioned fields? If not, the IO graph by default will just count packets in each interval that match the given filters. So the values of those fields will not be used in the graph, just amount of packtes. If you do use the "advanced" setting in the graphs, which aggregator function are you using? MAX(*)? If so, then plotting the (maximum) value of tcp.analysis.butes_in_fligt will indeed be the same as the (maximum) tcp.window_size value if the sender is filling the pipe completely (and only if you capture on the sender's side of the pipe). answered 25 Nov '11, 14:41  SYN-bit ♦♦ |
