On Wed, Mar 4, 2009 at 10:01 AM, Bland Chuck-CNGR85
<Chuck.Bland@xxxxxxxxxxxx> wrote:
"You
use on "response time" fields, like rpc.time for
NFS."
[Chuck] How can I tell which ones are response times? This name doesn't give an indication. The same goes for many other time variables.
There is no canonical list of filter field names.
The easiest (only?) way to find a "response time" field is to load a capture file,
select a response packet for the protocol you are interested in and see if there is any synthetic (wrapped inside [ ] ) fields
named "time since request" or similar that represents the response time.
Clicking on that field to select it will show you the filter name in the text blurb box at the lower left of the wireshark window.
For the more popular NAS/SAN protocols these would be
smb.time / smb2.time for CIFS
rpc.time for NFS (and all other onc-rpc based protocols)
scsi.time for SCSI
iscsi.time for iSCSI
fc.time for fibre channel
But there are a lot of other protocols that measure response times as well.
What set of protocols are you primarily interested in ?
ronnie s