Wireshark-users: Re: [Wireshark-users] SEQ/ACK analysis

Date: Mon, 23 Oct 2006 14:48:37 -0500



Has there been any movement to re-introduce the SEQ/ACK breakout into
Wireshark?
We found this to be one of the most valuable capabilities in Ethereal and
used it for finding network times for remote subnets.
Below is a typical portion of a tethereal script that was used for getting
an RTT for only the TCP handshake.
This proved very valuable in quickly separating out an application-related
delay versus a network delay
and could keep a running file of network response times, especially
valuable when limited to a specific remote subnet.
This example, of course, relied on activation of the TCP relative sequence
number feature.

-z io,stat,60,AVG(tcp.analysis.ack_rtt)"((tcp.flags.syn==1 or (tcp.seq==1
and tcp.ack==1 and tcp.len==0)) and tcp.analysis.ack_rtt"

If anyone is working on restoring this capability, please add my request to
the list.

Ed Staszko