Wireshark-dev: [Wireshark-dev] Add plugin timing statistics
Date: Mon, 31 Aug 2020 10:20:38 -0500

I would like advice on adding timing statistics to a Wireshark plugin. I have implemented a plugin for my company’s proprietary protocol, which sits on top of TCP/IP. I have added tap statistics to count various interesting pieces of data. I would now like to calculate the time it takes for the server to process commands.

Looking at a general flow in my protocol, a command is sent (PSH, ACK) and an ACK occurs. Then later a (PSH, ACK) and an ACK occur for the response.

If I take the response (PSH, ACK) timestamp and subtract the command ACK timestamp, I think this would be the best “how long did the server take to process” time.

Do you have an idea of any better timing data I should consider?

With a dissector, I can look at my protocol. How would I look at my packet’s TCP/IP protocol and get the timestamp?

Then I would need to associate my command’s timestamp with a response timestamp. How might I do this? Using a tap? If so, how might I do this? I know that my activity flow is - command (PSH, ACK), command ACK, response (PSH, ACK), response ACK - so I know that if I’m in a command packet that the response timestamp I need is two packets ahead, sequentially, in its conversation. Are there calls to peek ahead?

So, if you have suggestions on places within the documentation or code that I can study, please let me know.

Thank you,

Jay Turner
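
The calculation described in the message (response (PSH, ACK) timestamp minus command ACK timestamp), sketched as an added example that is not part of the original post and uses no Wireshark API. The `seg_t` and `conv_state_t` types, `track_segment` and the sample timestamps are all constructed for illustration; state is carried forward per conversation rather than peeking ahead.

```c
#include <stdio.h>

/* Constructed model of one TCP segment in a conversation (not Wireshark types). */
typedef struct {
    double ts;          /* capture timestamp in seconds */
    int from_client;    /* 1 = client to server, 0 = server to client */
    unsigned len;       /* TCP payload bytes; 0 for a bare ACK */
} seg_t;

/* State kept per conversation and carried forward; nothing looks ahead. */
typedef struct { int pending; double cmd_ts, cmd_ack_ts; } conv_state_t;

/* Feed segments in capture order. Returns 1 and sets *elapsed when a
 * response completes the pending command, otherwise 0. */
int track_segment(conv_state_t *st, const seg_t *s, double *elapsed)
{
    if (s->from_client) {
        if (s->len > 0) {               /* command (PSH, ACK) */
            st->pending = 1;
            st->cmd_ts = s->ts;
            st->cmd_ack_ts = -1.0;      /* command ACK not seen yet */
        }
        return 0;                       /* client's bare ACKs are ignored */
    }
    if (!st->pending) return 0;         /* unsolicited server traffic */
    if (s->len == 0) {                  /* server's ACK of the command */
        if (st->cmd_ack_ts < 0) st->cmd_ack_ts = s->ts;
        return 0;
    }
    /* Response data; if the ACK was piggybacked, measure from the command. */
    *elapsed = s->ts - (st->cmd_ack_ts >= 0 ? st->cmd_ack_ts : st->cmd_ts);
    st->pending = 0;
    return 1;
}

/* Constructed capture: one full exchange, then one with a piggybacked ACK. */
const seg_t SAMPLE[] = {
    {10.0, 1, 40}, {10.125, 0, 0}, {10.5, 0, 200}, {10.625, 1, 0},
    {11.0, 1, 40}, {11.25, 0, 200}, {11.375, 1, 0},
};

int main(void)
{
    conv_state_t st = {0, 0.0, 0.0};
    double d;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (track_segment(&st, &SAMPLE[i], &d))
            printf("server time: %.3f s\n", d);
    return 0;
}
```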