Wireshark-users: Re: [Wireshark-users] Question about seeing Latency in TCP conversations

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Tue, 10 Jan 2012 14:54:39 +1100
János,

You need to go down to the bottom right corner, in the Y Axis box, and select Unit: Advanced.

Regards, Martin

MartinVisser99@xxxxxxxxx


On 10 January 2012 02:55, János Löbb <janos.lobb@xxxxxxxx> wrote:
Hi,

Im my IO Graphs  - version 1.6.2 on OS X 10.6.8 - , I see just he Filter block but neither the Calc or the variable block.  Where should I set those to display for me also in IO Graphs ?

Thanks ahead,

János

On Jan 7, 2012, at 9:44 AM, Sheahan, John wrote:

I have filtered out a single conversation and I have the time display set to “Seconds since previously displayed packet”. I want to now add the time field to a graph to show how long it took between packets.
 
Here is a screen shot of the filtered conversation:
 
<image001.png>
 
Here is my attempt at adding the Time field for this filtered conversation to the graph which did not work and I’m not sure what I’m doing wrong:
 
<image004.png>
 
Thanks,
 
johnny
 
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Visser
Sent: Wednesday, January 04, 2012 5:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Question about seeing Latency in TCP conversations
 
Johnny,
 
The easiest way is to examine the calculated field "tcp.analysis.ack_rtt". This appears in the details window if you have TCP Sequence Analysis on.
 
 
<image002.png>

You have to be a little careful when using this though, as Wireshark sometimes miscalculates this in the prescence of Duplicate ACKs. The best way to use it (taking out effects of the server processing delay), is during the initial handshake. So what I do is filter for "tcp.flags == 0x12" (which is the SYN/ACK) and plot tcp.analysis.ack_rtt or add it as a column.
 
<image003.png>
 

Regards, Martin

MartinVisser99@xxxxxxxxx

On 5 January 2012 08:20, Sheahan, John <John.Sheahan@xxxxxxxxxxxxx> wrote:
I have been given a sniffer trace by our application guys and they want me to look through it to see if any of the TCP conversations have higher than normal latencies.
The file is kind of big and too much data for me to filter and look at each conversation.
 
Is there an easy way to do this in Wireshark?
 
Thanks
 
Johnny

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
 
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe