Wireshark-users: [Wireshark-users] Regarding time taken by 3 way handshake for creation a TCP con

From: naveen duniwal <mail_naveend@xxxxxxxxx>
Date: Sun, 17 Aug 2008 12:45:28 +0530 (IST)
Hi,

Thanks Sake for your reply .

In below explanation, I understood as packet timestamp logging is happening on the same machine as browser so for packets going from browser , logging will be immediate but for packets coming from server..there will be one side delay.

What i still don't understand is that why timestamp for 3 and 4 are same, does it mean both the request left the browser at same time. Could be diff also in some case ?

Thanks in advance.

Regards
Naveen

On Thu, Aug 14, 2008 at 02:55:43PM +0530, naveen duniwal wrote:
>
>    I am having a problem in understanding "time taken by 3 way handshake for
>    creation a TCP connection". Please look at following wireshark frames.

This question belongs more to the users list than to the development
list, could you use the users list in future requests like this?

Now for your question:

As the network delay is between end-points, it depends on the placement
of the capturing device *between* the endpoints what delta times you
will see. Added to that are the delays within the endpoints.

So, looking at your packets...

>    No    Time        Source            Destination        Protocol    Info
>
>    "1",    "0.000000",    "192.168.131.41",    "192.168.133.157", 
>    "TCP",        "sacred > http [SYN] Seq=0 Win=65535 Len=0 MSS=1360"
>
>    "2",    "0.406250",    "192.168.133.157",    "192.168.131.41", 
>    "TCP",        "http > sacred [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
>    MSS=1460"

The delay between packet 1 and 2 is the network delay between the
capturing device and the server, plus the delay within the server (which
usually for a SYN/SYN+ACK is about 0 ms), plus the delay between
the server and the capturing device.

In short, the delay between the capturing device and the server is
about 200ms.

>    "3",    "0.406250",    "192.168.131.41",    "192.168.133.157", 
>    "TCP",        "sacred > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"

Similarly the delay between packet 2 and 3 can be interpreted. Since
the delay is 0 us, this means the capturing device is the same
device as the client and the delay within the client is 0.

>    "4",    "0.406250",    "192.168.131.41",    "192.168.133.157", 
>    "HTTP",        "GET / HTTP/1.1"
>
>    There is a network latency of 100ms set between my Source (192.168.131.41)
>    and Destination(192.168.133.157). Since this is a 3 step process so I
>    assumed that it will take atleast 100ms in each of the step , but the
>    above observation doesn't support it, where time diff between Ist and IInd
>    frame is around 400 ms and rest of the timestamps are same.

Well, the network latency seems to be 200ms rather than 100ms or the
server takes 400ms - 2x 100ms = 200ms to answer the SYN with a SYN+ACK.
If that is the case, than you might want to have a look at that server
to see why it is that slow...

Hope this helps,
Cheers,
    Sake
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev


Share files, take polls, and make new friends - all under one roof. Click here.