tcpdump mailing list archives
Re: ICMP echo reply
From: Rick Jones <rick.jones2 () hp com>
Date: Wed, 23 Jul 2014 18:02:38 -0700
Please keep the discussion on the list - I don't have a monopoly on knowledge in this area.
On 07/23/2014 05:50 PM, Christ French wrote:
*)i have have tcpdump traces from both the client and the server *) assume yes thier clocks are synchronize *) these are the ICMP packets ** *15:51:58.844673 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 27396, seq 1, length 64 15:51:58.844881 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 27396, seq 1, length 64 *)the client and the server are both VM(s) on the same server
If you have tcpdump traces from both the client and the server I would expect to see a total of four lines of trace. Two from the trace on the client and two from the trace on the server.
Exactly *how* are the VM's clocks synchronized? If you are going to want to know the time it took to get from the server back to the client, using tcpdump timestamps, those clocks are going to have to be rather well synchronized indeed. Down to some small number of microseconds.
Are the client and the server running the same versions of the same operating system, and using the same NIC emulation etc etc?
Why is it important to know how long it took in this case given it is clear it didn't take very long at all?
Given the likely symmetry of the path between client and server, were I pressed for an answer, I would probably start by ass-u-me-ing that the time from server to client was 1/2 the total round-trip time.
rick jones
that is all Thanks A Lot * On Thursday, July 24, 2014 1:52 AM, Rick Jones <rick.jones2 () hp com> wrote: On 07/19/2014 09:20 AM, French_christ wrote: > I just have a question and i am suppose to answer it. > The question is :ICMP echo request was sent by the client,then ICMP > echo reply was recieved by the client,both have timestamps on the > tcpdump output The question is how long took the ICMP echo reply to > be sent from the server to the client. Questions, the answers to which will perhaps help lead you to the/an answer. *) Do you have just the one tcpdump trace or do you have tcpdump traces from both the client and the server? *) Do the client and the server synchronize their clocks? *) How large is the latency as reported by ping (I'm assuming ping is the source of these ICMP Echo Requests and so triggers the ICMP echo replies)? *) What do you know about the network path from the client to the server? *) What do you know about the network path from the server to the client? Answers to at least some, if not all, those questions will go a long way towards being able to say something about how long it took the ICMP Echo Reply to travel from the server to the client. rick jones
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- ICMP echo reply French_christ (Jul 23)
- Re: ICMP echo reply Rick Jones (Jul 23)
- Message not available
- Re: ICMP echo reply Rick Jones (Jul 23)
- Message not available
- Re: ICMP echo reply Rick Jones (Jul 23)