Christopher Maynard wrote:
Herb Falk <herb@...> writes:
I am creating a dissector that needs to be able to calculate the transmission
latency of a packet.
The protocol being dissected has the timestamp of the “transmission”; I need
to be able to gain access to the time of capture of Wireshark in order to
calculate the difference. Anybody know an example/documentation pointer?
I haven't done that exactly, but have used the TCP ACK round trip time
to get some indication of latency. I then used the statistical package
R to do further analysis. To get that information into text format for
the analysis, I used tshark:
    tshark -r sample.pcap -Tfields -eframe.number -eip.src -etcp.srcport \
        -eip.dst -etcp.dstport -etcp.analysis.ack_rtt > rtt.txt
I believe pinfo->fd->abs_ts has what you're looking for. But you'll need the
clocks of the transmitting and capturing devices to be synchronized in order to
obtain any meaningful latency calculations.
That's true. A possibly useful discussion on this issue (with relevance
particularly to NTP) is here: http://www.eecis.udel.edu/~mills/stamp.html
Ed
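
Added example (not part of the original thread and not Wireshark code): the latency calculation discussed above, written as stand-alone C. The ts_t type, the one-day plausibility limit and the sample values are assumptions made for this example; in a dissector the capture time would come from pinfo->fd->abs_ts as suggested in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical seconds + nanoseconds timestamp, used for both the capture
 * time and the protocol's own "transmission" timestamp. */
typedef struct { int64_t secs; int32_t nsecs; } ts_t;

enum latency_status { LATENCY_OK, LATENCY_BAD_INPUT, LATENCY_CLOCK_SKEW };

#define NS_PER_SEC     1000000000LL
#define MAX_DELTA_SECS 86400LL  /* assumed limit: more than a day is not latency */

static int ts_valid(const ts_t *t)
{
    return t->secs >= 0 && t->nsecs >= 0 && t->nsecs < NS_PER_SEC;
}

/* Computes captured - sent in nanoseconds. A negative result means the packet
 * was "captured before it was sent", i.e. the two clocks disagree. A positive
 * result is only as accurate as the synchronisation between the two clocks. */
enum latency_status one_way_latency_ns(const ts_t *sent, const ts_t *captured,
                                       int64_t *out_ns)
{
    if (!ts_valid(sent) || !ts_valid(captured))
        return LATENCY_BAD_INPUT;
    /* Both secs fields are non-negative, so this cannot overflow. */
    int64_t dsecs = captured->secs - sent->secs;
    if (dsecs > MAX_DELTA_SECS || dsecs < -MAX_DELTA_SECS)
        return LATENCY_BAD_INPUT;
    /* The nanosecond difference may be negative; the sum handles the borrow. */
    *out_ns = dsecs * NS_PER_SEC + ((int64_t)captured->nsecs - sent->nsecs);
    return (*out_ns < 0) ? LATENCY_CLOCK_SKEW : LATENCY_OK;
}

int main(void)
{
    /* Constructed sample timestamps. */
    ts_t sent     = { 1700000000, 900000000 };
    ts_t captured = { 1700000001, 100000000 };
    int64_t ns = 0;
    enum latency_status st = one_way_latency_ns(&sent, &captured, &ns);
    if (st == LATENCY_OK)
        printf("latency: %lld ns\n", (long long)ns);
    else
        printf("no usable latency (status %d)\n", (int)st);
    return 0;
}
```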