Wireshark · Ethereal-users: RE: [Ethereal-users] Network Traversal Time

["Jim Hendrick" <jrhendri@xxxxxxxxxxxx>]

Random thought. Take a look at references for NTP. They do measurement of
round trip times, latencies, etc. to determine the "best" remote clock to
sync to. It isn't exactly what you want, I know. But they have been dealing
with computing very accurate clock sync based on this estimated packet
transfer time for quite a while. Maybe you'll see something if you snoop
around those archives.

Luck,
Jim


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Ian Schorr
Sent: Monday, March 08, 2004 8:01 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] Network Traversal Time


The simple answer is no, Ethereal doesn't currently support what you're 
looking for.

I've often wanted a feature where I can measure/build a report of the 
difference in time between packets' observed arrival at different 
points on a network.  Such a thing would be extremely useful in many 
circumstances, including the "finger-pointing" situation you describe.

This wouldn't be trivial to implement, though the measurement could be 
done fairly simply:

One could, of course, rely on very synchronized clocks between packet 
capture devices and very accurate timestamp recording and simply 
measure deltas between packet arrival times between captures.

Perhaps a bit more accurate under non-ideal conditions (where 
synchronization of host clocks on the recording devices cannot be 
guaranteed), one could keep a (perhaps smoothed) log of deltas between 
host clocks by observing arrival times of packets passing in two 
directions - (d1-d2/2 = average latency, where d1 is the time between 
observing of a packet flowing one direction and a later packet flowing 
the other direction (possibly a reply to the first packet) in one 
capture, and d2 is the time difference between observing the same two 
packets in the other capture)).

However, it'd be difficult to do, especially for all types of traffic.  
For one thing, a mechanism for "fingerprinting" traffic has to be 
devised - how does the software know that a packet in one capture is 
the exact same as one in another capture?  With protocols like TCP 
there's enough information to build a reasonably reliable 
"fingerprint", but not necessarily possible with other protocols.  
Ethereal really doesn't have the infrastructure at this point to 
process this, either...

However, it could be done and would be a very interesting project for 
someone, I'm sure.  Now we just need a volunteer =)

Ian

On Mar 8, 2004, at 1:00 PM, sstudsda@xxxxxxxx wrote:

>
>
>
>
> We are currently using Cisco's IPM to collect/report network latency.
> The
> problem that I frequently run into is vendors blaming performance 
> problems
> on the network and won't accept that results of this information.  
> They are
> convinced that the network is doing something to their application only
> either through the use of ACL's or QoS.  The graphs that could be 
> produced
> be this type of comparison would be specific to the vendors 
> application and
> a little harder to argue with the results.
>
> Steve
>
>
>
>
>              "Ahmed, Munaf
>              (RDI)"
>              <Munaf.Ahmed@mail                                         
>  To
>              .va.gov>                  "'Ethereal user support'"
>              Sent by:                  <ethereal-users@xxxxxxxxxxxx>
>              ethereal-users-bo                                         
>  cc
>              unces@xxxxxxxxxxx
>              m                                                     
> Subject
>                                        RE: [Ethereal-users] Network
>                                        Traversal Time
>              03/08/2004 11:51
>              AM
>
>
>              Please respond to
>                Ethereal user
>                   support
>              <ethereal-users@e
>                thereal.com>
>
>
>
>
>
>
>
> You might want to use trace route to determine network latency from 
> point A to point B.
>
> If you are trying to debug a tpc session than you can use "Follow TCP 
> Stream" under Tools to determine the time.
>
> Munaf Ahmed
> CCIE
>
>
>
> -----Original Message-----
> From: sstudsda@xxxxxxxx [mailto:sstudsda@xxxxxxxx]
> Sent: Monday, March 08, 2004 11:47 AM
> To: ethereal-users@xxxxxxxxxxxx
> Subject: [Ethereal-users] Network Traversal Time
>
>
> Greetings!
> I was wondering if Ethereal has the ability to show the time a packet
> takes
> to traverse a network by comparing two capture files.  For example, a
> packet enters the network at point A and is captured by Ethereal and a
> second instance of Ethereal captures the same packet at network point 
> B.
> Then, by comparing the times that each packet was captured, be able to
> compute the time it took for that packet to traverse between point A 
> and
> point B and ultimately be able to build a graph showing these times.
>
> If this doesn't exist, would someone be able to point me in the right 
> direction as far as developing this capability?
>
> Thanks All!
> Steve
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users