Wireshark-users: Re: [Wireshark-users] Questions about RTT

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 12 Feb 2017 11:07:13 +0100
> On 11 Feb 2017, at 18:58, samira afzal <afzal.samira@xxxxxxxxx> wrote:
> 
> Hi every one,
> 
> I have some questions about RTT. I am using wireshark 2.2.4. 

On what platform are you doing this?


> 1) I am going to plot RTT vs.sequence numbers. I found statistics -> i/o graph or statistics -> tcp stream graphs -> round trip time. However in both the RTT is vs. time and not versus sequence numbers. Is there any way to plot RTT vs. sequence numbers?
> 

If I go to Statistics | TCP Stream Graph | Round Trip Time, then I get a diagram of Round Trip Time over Sequence Number. 
Maybe click the ‘Reset’ button to clear up the display?


> 2) I wish to add a column with RTT. Could you please guide me?
> 

Go to Preferences | Columns. There click ‘+’ to add a new columns, select type Custom and set Field to tcp.analysis.ack_rtt

Another way is to select the RTT item in the SEQ/ACK analysis item of the TCP protocol dissection and simply use ‘Apply as Column.


> 3) I am transferring a file from server to client  over TCP. It is running locally over loop-back interface (127.0.0.1). When i checked   RTT vs. time. I saw some large RTT values. It is strange for me. because it is running locally so there is not any congestion between sender and receiver so why there are some large RTT?
> 

This could  have to do with the specifics of your platform (process scheduling, etc).


> 
> 4) In the explained scenario in question 3,  I plotted RTT vs. time and also statistics -> tcp stream graphs -> throughput to see segment size vs. time. I see that whenever RTT is high the segment value is zero. Could you  please explain me what is the reason?
> 

Seems that if the window is closed the response takes its time?


> Thanks in advance.