Wireshark mailing list archives

Re: Question about seeing Latency in TCP conversations


From: "Sheahan, John" <John.Sheahan () priceline com>
Date: Sun, 8 Jan 2012 13:14:38 -0500

That change worked perfectly, Martin, and gives me a great view of the latency for any stream. I had tried the TCP 
Stream Graph but I notice that I am unable to change the Y Axis value to anything higher than 1 second so I constantly 
miss the graph points whenever latency between packets is higher than 1 second using this method.

Do you know if there is a way to change the Y axis values on a TCP Stream Round Trip Time Graph to be more than 1 
second or is this a known limitation?

johnny

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Martin 
Visser
Sent: Saturday, January 07, 2012 10:34 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Question about seeing Latency in TCP conversations

Hi John,

You have almost got there, but not quite. In the variable field where you have put "time" you need to put a variable 
that will make sense. Unfortunately "time" I think is actually a protocol, and probably not relevant. If you open up 
the "Frame" section of the Packet Details of a packet, you will see a number of relevant time variables. In your case I 
would choose "frame.time_delta_displayed". (You can find out the variable name by selecting the relevant field, and 
looking in the status bar.)

You can then use this in your IO graph.

Don't forget for TCP streams you can also use TCP Stream Graphs available under the Statistics menu, which can also 
help you identify delays.

Regards, Martin

MartinVisser99 () gmail com

On 8 January 2012 01:44, Sheahan, John <John.Sheahan () priceline com> wrote:
I have filtered out a single conversation and I have the time display set to “Seconds since previously displayed 
packet”. I want to now add the time field to a graph to show how long it took between packets.

Here is a screen shot of the filtered conversation:

[cid:image001.png@01CCCE06.C1CCECA0]

Here is my attempt at adding the Time field for this filtered conversation to the graph which did not work and I’m not 
sure what I’m doing wrong:

[cid:image004.png@01CCCE06.C1CCECA0]

Thanks,

johnny

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Martin 
Visser
Sent: Wednesday, January 04, 2012 5:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Question about seeing Latency in TCP conversations

Johnny,

The easiest way is to examine the calculated field "tcp.analysis.ack_rtt". This appears in the details window if you 
have TCP Sequence Analysis on.


[cid:image005.png@01CCCE06.C1CCECA0]

You have to be a little careful when using this though, as Wireshark sometimes miscalculates this in the presence of 
Duplicate ACKs. The best way to use it (taking out effects of the server processing delay), is during the initial 
handshake. So what I do is filter for "tcp.flags == 0x12" (which is the SYN/ACK) and plot tcp.analysis.ack_rtt or add 
it as a column.

[cid:image006.png@01CCCE06.C1CCECA0]

Regards, Martin

MartinVisser99 () gmail com

On 5 January 2012 08:20, Sheahan, John <John.Sheahan () priceline com> wrote:
I have been given a sniffer trace by our application guys and they want me to look through it to see if any of the TCP 
conversations have higher than normal latencies.
The file is kind of big and too much data for me to filter and look at each conversation.

Is there an easy way to do this in Wireshark?

Thanks

Johnny

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
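
Added example, not part of the original thread: one way to triage a large trace without opening each conversation is to export a few fields with tshark and rank streams by the handshake `tcp.analysis.ack_rtt` (the `tcp.flags == 0x12` packet) and by the largest gap between packets. The file name `trace.pcap`, the sample rows and the 0.2 s / 1.0 s limits are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in the shape printed by (trace.pcap is a placeholder name):
#   tshark -r trace.pcap -Y tcp -T fields -e tcp.stream \
#          -e frame.time_relative -e tcp.flags -e tcp.analysis.ack_rtt
# Columns are tab-separated; the ack_rtt column is empty when none was computed.
SAMPLE = (
    "0\t0.000000\t0x0002\t\n"
    "0\t0.020000\t0x0012\t0.020000\n"
    "0\t0.020100\t0x0010\t0.000100\n"
    "0\t0.050000\t0x0018\t\n"
    "0\t1.850000\t0x0018\t\n"          # 1.8 s pause inside stream 0
    "1\t0.100000\t0x0002\t\n"
    "1\t0.480000\t0x0012\t0.380000\n"  # slow handshake on stream 1
    "1\t0.480200\t0x0010\t0.000200\n"
    "2\t0.200000\t0x0002\t\n"
    "2\t0.215000\t0x0012\t0.015000\n"
    "2\t0.215100\t0x0010\t0.000100\n"
)

SYN_ACK = 0x12  # same value as the display filter "tcp.flags == 0x12"


def summarize(text):
    """Return {stream: {"handshake_rtt", "max_gap"}} from tshark field output."""
    stats = defaultdict(lambda: {"handshake_rtt": None, "max_gap": 0.0, "last": None})
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 3 or not cols[0].isdigit():
            continue  # skip blank lines and rows without a TCP stream index
        s = stats[int(cols[0])]
        now = float(cols[1])
        if s["last"] is not None:
            s["max_gap"] = max(s["max_gap"], round(now - s["last"], 6))
        s["last"] = now
        rtt = cols[3] if len(cols) > 3 else ""
        # Use ack_rtt only on the SYN/ACK, as the thread advises.
        if int(cols[2], 16) == SYN_ACK and rtt and s["handshake_rtt"] is None:
            s["handshake_rtt"] = float(rtt)
    return {k: {"handshake_rtt": v["handshake_rtt"], "max_gap": v["max_gap"]}
            for k, v in stats.items()}


def slow_streams(summary, rtt_limit=0.2, gap_limit=1.0):
    """Streams whose handshake RTT or largest inter-packet gap exceeds a limit (seconds)."""
    return sorted(k for k, v in summary.items()
                  if (v["handshake_rtt"] or 0.0) > rtt_limit or v["max_gap"] > gap_limit)


if __name__ == "__main__":
    print(slow_streams(summarize(SAMPLE)))
```

The stream numbers it returns can be fed back into Wireshark as `tcp.stream == N` display filters to inspect only the flagged conversations.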

